Failban Configuration for ISPConfig

vi /etc/fail2ban/filter.d/ispconfig.conf
The first thing we need to do is create a filter for ISPconfig in the /etc/fail2ban/filter.d/ directory.

vi /etc/fail2ban/filter.d/ispconfig.conf
Add the following definition so the filter knows what to look for in the /var/log/ispconfig/auth.log for ISPConfig 3.

# Fail2Ban filter for ISPConfig hard failures


before = common.conf


_daemon = (?:ispconfig)

failregex = Failed login for user .* from <HOST>
ignoreregex =

vim /etc/fail2ban/jail.conf

add this line

enabled = true
port = 8080
filter = ispconfig
action = iptables-multiport[name=wordpress, port=”http,https”,,]
logpath = /var/log/ispconfig/auth.log
maxretry = 3
findtime = 300
bantime = 10800
You can/should test the new configuration by running the following command.

fail2ban-regex /var/log/ispconfig/auth.log /etc/fail2ban/filter.d/ispconfig.conf

THEN Restart fail2ban to load your new jail for ISPConfig 3 failed login attempts.

service fail2ban restart