Configure fail2ban for phpmyadmin and roundcube
Posted: Fri Mar 03, 2023 2:01 pm
Brief instructions on how to set up fail2ban for phpmyadmin and roundcube.
If you uncomment #action = vesta[name=WEB] then we will have the opportunity to remove ip from the banlist, through vesta (firewall tab).
But you need to remember that if an ip is banned in phpmyadmin or roundcube, it will be banned on port 80, 443. Any resources on the server will not be available (and user sites). Except vesta port.
There is also a "BUG" with action = vesta[name=WEB]. After removing the ip in the vest, it will be removed from the firewall and will gain access. But in the fail2ban jail, the entry will remain. It should not be. Example: if you do - ip will return to the ban again.
Code: Select all
mcedit /etc/fail2ban/jail.local
But you need to remember that if an ip is banned in phpmyadmin or roundcube, it will be banned on port 80, 443. Any resources on the server will not be available (and user sites). Except vesta port.
Code: Select all
[phpmyadmin]
enabled = true
filter = phpmyadmin-syslog
#action = vesta[name=WEB]
port = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
maxretry = 5
[roundcube]
enabled = true
filter = roundcube-auth
#action = vesta[name=WEB]
port = http,https
logpath = /var/log/roundcube/errors.log
# Use following line in your jail.local if roundcube logs to journal.
#backend = %(syslog_backend)s
maxretry = 10
Code: Select all
service fail2ban restart