Fail2ban setting findtime per Jail
In Fail2ban (great idea to include it in Plesk!) settings you can set "Time interval for detection of subsequent attacks" (findtime) in general. But it would be interesting to have this setting per jail.
You could have 2 jails with the same filter but different findtime. Example:
Jail 1) 5 failures in 600 seconds: 1800 seconds ban
Jail 2) 30 failures in 86400 seconds: 604800 seconds ban
There are bots that detect if you have some protection such as Fail2ban or similar and adapt, with a login attempt every 300 seconds for example. Jail 1 does not detect this attack, but Jail 2 does.
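The two-jail comparison from the post above, as an added example that is not part of the original thread and is not Fail2ban's own code: a simplified sliding-window counter run over two constructed failure timelines (a bot trying every 300 seconds, and a short burst). The function name, the timelines and the window model are assumptions made for illustration.

```python
from collections import deque

# Jail parameters from the post: (failures needed, findtime in seconds).
JAIL_1 = (5, 600)
JAIL_2 = (30, 86400)


def first_ban_time(failure_times, maxretry, findtime):
    """Return the timestamp at which a jail would ban, or None.

    Simplified model (assumption): a ban fires as soon as `maxretry`
    failures fall inside the last `findtime` seconds.
    """
    window = deque()
    for t in sorted(failure_times):
        window.append(t)
        # Forget failures that have aged out of the detection window.
        while window[0] <= t - findtime:
            window.popleft()
        if len(window) >= maxretry:
            return t
    return None


# Constructed timelines (seconds since the first attempt).
SLOW_BOT = [i * 300 for i in range(288)]  # one attempt every 300 s for a day
BURST = [i * 10 for i in range(10)]       # ten attempts, 10 s apart


def compare(failure_times):
    """Return (ban time under Jail 1, ban time under Jail 2)."""
    return (first_ban_time(failure_times, *JAIL_1),
            first_ban_time(failure_times, *JAIL_2))


if __name__ == "__main__":
    for name, timeline in (("slow bot", SLOW_BOT), ("burst", BURST)):
        j1, j2 = compare(timeline)
        print(f"{name}: jail 1 bans at {j1}, jail 2 bans at {j2}")
```

The slow bot never has more than two failures inside a 600-second window, so only the long-window jail catches it, while the ten-attempt burst is caught only by the short-window jail.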
RECIDIVE can't be used for this special reason - we have the same. Short attacks with 300 requests in 600 seconds and long attacks with 3000 requests a day. I don't find a solution for that with recidive?
Please consider using the RECIDIVE jail. It has been invented just for that special reason!
Very useful and needed! More and more attacks!
Rubén, the findtime can be set in the /etc/fail2ban/jail.local file.
Note that I did add a findtime value and am just waiting for results.
Plesk supports version 8.9 (stable). You can only use 9.1 at your own risk
Shahan N. commented
The new filters from version 9.1 make problems on Plesk - please fix that. It's more difficult than before.
I need also a specific findtime for this solution: http://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/
searched for this also