I have already played with it and concluded that fail2ban missed it...in
my previous mail its mentioned that

#fail2ban-regex /var/log/auth.log
/etc/fail2ban/filter.d/proftpd.conf|grep 124.205.130.15

Nothing in the output, that means it has just missed to ban this guy.

Kerin did mention that this is an issue on the regex, that it captures
the guy who played with an unknown user and not because a user tried 3
times.

Honestly, I would love to get to solve the issue as this is obviously
not the intention.
The idea was to BAN any IP regardless of the user is defined on the box
or not.

P:S
I havent looked on those filter yet, I was on holiday since yesterday so
probably tomorrow I will get time to check if I can put my hands dirty
on this subject.

GR
mrfroasty




GR
mrfroasty

Homer Parker wrote:
> On Sun, 2009-08-02 at 13:24 +0200, mrfroasty wrote:
>   
>> Actually we are talking about proftp deamon analysed using
>> /var/log/auth.log.
>>     
>
> 	You can play with fail2ban-regex and see what it thinks.
>
>   


-- 
Extra details:
OSS:Gentoo Linux
profile:x86
Hardware:msi geforce 8600GT asus p5k-se
location:/home/muhsin
language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS
Typo:40WPM
url:http://www.mzalendo.net