Hi,
I am trying to setup Fail2ban but it’s not blocking the IP’s.
Only reason I can think of is seahub.log is missing IP addresses.
attaching logs below
2016-09-04 08:40:43,782 [ERROR] seahub.views.sysadmin:1112 user_toggle_status [Errno 111] Connection refused
2016-09-04 08:41:17,856 [WARNING] seahub.auth.views:172 login Login attempt limit reached, try freeze the user, email/username: zab%40abc.com, ip: -, attemps: 3
2016-09-04 08:41:18,112 [WARNING] seahub.auth.views:182 login Login attempt limit reached, freeze the user email/username: zab@abc.com, ip: -, attemps: 3
2016-09-04 08:41:28,691 [WARNING] seahub.auth.views:172 login Login attempt limit reached, try freeze the user, email/username: zab%40abc.com, ip: -, attemps: 4
2016-09-04 08:41:42,611 [WARNING] seahub.auth.views:172 login Login attempt limit reached, try freeze the user, email/username: zab%40abc.com, ip: -, attemps: 5
2016-09-04 08:41:52,536 [WARNING] seahub.auth.views:172 login Login attempt limit reached, try freeze the user, email/username: zab%40abc.com, ip: -, attemps: 6
2016-09-04 08:42:03,946 [WARNING] seahub.auth.views:172 login Login attempt limit reached, try freeze the user, email/username: zab%40abc.com, ip: -, attemps: 7
2016-09-04 08:42:13,559 [WARNING] seahub.auth.views:172 login Login attempt limit reached, try freeze the user, email/username: zab%40abc.com, ip: -, attemps: 8
2016-09-04 08:42:23,182 [WARNING] seahub.auth.views:172 login Login attempt limit reached, try freeze the user, email/username: zab%40abc.com, ip: -, attemps: 9
2016-09-04 08:46:57,793 [WARNING] seahub.auth.views:172 login Login attempt limit reached, try freeze the user, email/username: zab%40abc.com, ip: -, attemps: 10
2016-09-04 08:47:45,904 [WARNING] seahub.auth.views:172 login Login attempt limit reached, try freeze the user, email/username: hedbdbdh, ip: -, attemps: 10
2016-09-04 08:47:45,922 [WARNING] seahub.auth.views:185 login Login attempt limit reached with invalid email/username: hedbdbdh, ip: -, attemps: 10
2016-09-04 09:40:15,734 [WARNING] seahub.auth.views:191 login Login attempt limit reached, show Captcha, email/username: faff, ip: -, attemps: 3
2016-09-04 09:40:26,162 [WARNING] seahub.auth.views:191 login Login attempt limit reached, show Captcha, email/username: afaf, ip: -, attemps: 4
2016-09-04 09:40:31,145 [WARNING] seahub.auth.views:191 login Login attempt limit reached, show Captcha, email/username: asfdafa, ip: -, attemps: 5
here is my nginx > seafile.conf
server {
listen 80;
server_name abc.xyz.com;
rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
}
server {
listen 443;
ssl on;
ssl_certificate /abc.xyz/blah.pem; # path to your cacert.pem
ssl_certificate_key /abc.xyz/blah.pem; # path to your privkey.pem
server_name abc.xyz.com;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security “max-age=31536000; includeSubDomains”;
server_tokens off;
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
fastcgi_read_timeout 36000;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
proxy_set_header X-Forwarded-For $remote_addr;
}
location /media {
root /abc/xyz;
}
}
and fail2ban is configured as explained in below link, only parameter changed is maxretry = 2 (6 real login attempts)
http://manual.seafile.com/security/fail2ban.html1
Thanks!