Fail2ban setting findtime per Jail
In Fail2ban (great idea to include it in Plesk!) settings you can set "Time interval for detection of subsequent attacks" (findtime) in general. But it would be interesting to have this setting per jail.
Why?
You could have 2 jails with the same filter but different findtime. Example:
Jail 1) 5 failures in 600 seconds: 1800 seconds ban
Jail 2) 30 failures in 86400 seconds: 604800 seconds ban
There are bots that detect whether you have some protection such as Fail2ban or similar and adapt, attempting a login every 300 seconds, for example. Jail 1 does not detect this attack, but Jail 2 does.
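The two-jail setup from the request, as an added example (not code from the post or from Fail2ban itself): it parses a constructed jail.local fragment and runs a simplified sliding-window model of maxretry/findtime over constructed failure timestamps. The jail names `ssh-short` and `ssh-long` and the choice of the `sshd` filter are assumptions.

```python
import configparser
from collections import deque

# Constructed jail.local fragment: jail names are hypothetical and the sshd
# filter is an assumption; the numbers are the two jails from the request.
JAIL_LOCAL = """
[ssh-short]
filter = sshd
maxretry = 5
findtime = 600
bantime = 1800

[ssh-long]
filter = sshd
maxretry = 30
findtime = 86400
bantime = 604800
"""

def load_jails(text):
    """Parse the fragment into {jail: (maxretry, findtime, bantime)}."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {name: tuple(cp.getint(name, k) for k in ("maxretry", "findtime", "bantime"))
            for name in cp.sections()}

def first_ban(failure_times, maxretry, findtime):
    """Simplified model: ban once maxretry failures fall within findtime seconds."""
    window = deque()
    for t in failure_times:
        window.append(t)
        while t - window[0] > findtime:  # drop failures older than the window
            window.popleft()
        if len(window) >= maxretry:
            return t
    return None

def simulate(failure_times, jails):
    """Map each jail name to its first ban time (None if it never fires)."""
    return {name: first_ban(failure_times, mr, ft) for name, (mr, ft, _) in jails.items()}

# Constructed traffic from one source address: a slow bot (one failure every
# 300 s for a day) and a fast burst (one failure every 10 s for 10 minutes).
SLOW_BOT = list(range(0, 86400, 300))
FAST_BOT = list(range(0, 600, 10))

if __name__ == "__main__":
    jails = load_jails(JAIL_LOCAL)
    print("slow bot:", simulate(SLOW_BOT, jails))
    print("fast bot:", simulate(FAST_BOT, jails))
```

In this model the slow bot never trips the 600-second jail but is banned by the 86400-second jail on its 30th failure, while the fast burst is caught by both.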
-
Anonymous commented
RECIDIVE can't be used for this special reason - we have the same. Short attacks with 300 requests in 600 seconds and long attacks with 3000 requests a day. I don't find a solution for that with recidive?
-
UFHH01 commented
Please consider using the RECIDIVE jail. It has been invented just for that special reason!
-
Anonymous commented
Very useful and needed! More and more attacks!
-
trialotto commented
Rubén, the findtime can be set in the /etc/fail2ban/jail.local file.
Note that I did add a findtime value and am just waiting for results.
Regards....
-
Plesk supports version 8.9 (stable). You can only use 9.1 at your own risk
-
Shahan N. commented
The new filters from version 9.1 make problems on Plesk - please fix that. It's more difficult than before.
-
Andy commented
I also need a specific findtime for this solution: http://stuffphilwrites.com/2013/03/permanently-ban-repeat-offenders-fail2ban/
-
JJ commented
Searched for this also.