vi /etc/fail2ban/filter.d/ispconfig.conf
The first thing we need to do is create a filter for ISPconfig in the /etc/fail2ban/filter.d/ directory.
vi /etc/fail2ban/filter.d/ispconfig.conf
Add the following definition so the filter knows what to look for in the /var/log/ispconfig/auth.log for ISPConfig 3.
# Fail2Ban filter for ISPConfig hard failures
#
[INCLUDES]
before = common.conf
[Definition]
_daemon = (?:ispconfig)
failregex = Failed login for user .* from <HOST>
ignoreregex =
vim /etc/fail2ban/jail.conf
add this line
[ispconfig]
enabled = true
port = 8080
filter = ispconfig
action = iptables-multiport[name=wordpress, port=”http,https”, dest=postmaster@saic.it, sender=postmaster@saic.it]
logpath = /var/log/ispconfig/auth.log
maxretry = 3
findtime = 300
bantime = 10800
You can/should test the new configuration by running the following command.
fail2ban-regex /var/log/ispconfig/auth.log /etc/fail2ban/filter.d/ispconfig.conf
THEN Restart fail2ban to load your new jail for ISPConfig 3 failed login attempts.
service fail2ban restart
usefull