Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

abuseipdb: fail2ban error banning ip #2468

Closed
ebonsi opened this issue Jul 10, 2019 · 13 comments
Closed

abuseipdb: fail2ban error banning ip #2468

ebonsi opened this issue Jul 10, 2019 · 13 comments

Comments

@ebonsi
Copy link

ebonsi commented Jul 10, 2019
edited by sebres

fail2ban error banning ip...

Logs:
fail2ban logs:

[client 111.56.186.2:62183] script '/Library/WebServer/Documents/shell.php' not found or unable to stat", u"[Tue Jul 09 16:09:02.183033 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/htdocs.php' not found or unable to stat", u"[Tue Jul 09 16:09:02.435035 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/b.php' not found or unable to stat", u"[Tue Jul 09 16:09:03.225233 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/sane.php' not found or unable to stat", u"[Tue Jul 09 16:09:03.476525 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/desktop.ini.php' not found or unable to stat", u"[Tue Jul 09 16:09:03.728760 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/z.php' not found or unable to stat", u"[Tue Jul 09 16:09:03.981285 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/lala.php' not found or unable to stat", u"[Tue Jul 09 16:09:04.234078 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/lala-dpr.php' not found or unable to stat", u"[Tue Jul 09 16:09:04.487243 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wpc.php' not found or unable to stat", u"[Tue Jul 09 16:09:04.739798 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wpo.php' not found or unable to stat", u"[Tue Jul 09 16:09:04.991760 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/t6nv.php' not found or unable to stat", u"[Tue Jul 09 16:09:05.244504 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/muhstik.php' not found or unable to stat", u"[Tue Jul 09 16:09:05.996976 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/text.php' not found or unable to stat", u"[Tue Jul 09 16:09:06.247857 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wp-config.php' not found or unable to stat", u"[Tue Jul 09 16:09:06.500948 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/muhstik.php' not found or unable to stat"], 'failures': 29, 'ip4': u'111.56.186.2'}, 'fid': <function <lambda> at 0x102b14ed8>, 'raw-ticket': <function <lambda> at 0x102b16410>})': Error banning 111.56.186.2
2019-07-09 16:09:08,054 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:07
2019-07-09 16:09:08,943 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:08
2019-07-09 16:09:08,945 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:08
2019-07-09 16:09:09,287 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:09
2019-07-09 16:09:09,632 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:09
2019-07-09 16:09:09,634 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:09
2019-07-09 16:09:09,960 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:09
2019-07-09 16:09:10,260 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:10
2019-07-09 16:09:10,568 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:10,931 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:10
2019-07-09 16:09:10,932 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:10
2019-07-09 16:09:11,435 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:12,157 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:11
2019-07-09 16:09:12,159 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:12
2019-07-09 16:09:18,909 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:18
2019-07-09 16:09:19,041 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:19,243 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:18
2019-07-09 16:09:19,244 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:19
2019-07-09 16:09:19,584 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:19
2019-07-09 16:09:19,753 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:19,900 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:19
2019-07-09 16:09:20,301 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:19
2019-07-09 16:09:20,302 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:20
2019-07-09 16:09:20,645 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:20
2019-07-09 16:09:20,674 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:21,465 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:21
2019-07-09 16:09:21,779 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:21
2019-07-09 16:09:22,124 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:21
2019-07-09 16:09:22,191 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:22,976 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:22
2019-07-09 16:09:22,977 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:22
2019-07-09 16:09:23,134 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:23,315 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:23
2019-07-09 16:09:24,181 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:23
2019-07-09 16:09:24,183 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:24
2019-07-09 16:09:24,539 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:24
2019-07-09 16:09:24,751 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:24,874 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:24
2019-07-09 16:09:24,875 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:24
2019-07-09 16:09:25,684 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:25,729 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:25
2019-07-09 16:09:26,056 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:25
2019-07-09 16:09:26,058 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:26
2019-07-09 16:09:26,573 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:27,005 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:26
2019-07-09 16:09:27,334 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:27
2019-07-09 16:09:27,335 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:27
2019-07-09 16:09:27,674 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:27
2019-07-09 16:09:28,033 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:27
2019-07-09 16:09:28,251 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:28,357 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:28
2019-07-09 16:09:28,358 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:28
2019-07-09 16:09:28,601 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:28,674 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:28
2019-07-09 16:09:29,030 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:28
2019-07-09 16:09:29,297 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:29
2019-07-09 16:09:29,647 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:29
2019-07-09 16:09:29,832 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:30,479 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:30
2019-07-09 16:09:30,481 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:30
2019-07-09 16:09:30,767 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:30,832 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:30
2019-07-09 16:09:30,837 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:30
2019-07-09 16:09:31,193 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:31
2019-07-09 16:09:31,541 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:31
2019-07-09 16:09:31,542 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:31
2019-07-09 16:09:31,650 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:31,862 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:31
2019-07-09 16:09:32,390 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:32,747 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:32
2019-07-09 16:09:33,063 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:32
2019-07-09 16:09:33,064 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:33
2019-07-09 16:09:33,310 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:33,414 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:33
2019-07-09 16:09:33,772 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:33
2019-07-09 16:09:34,056 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:33
2019-07-09 16:09:34,063 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:34
2019-07-09 16:09:34,150 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:34,380 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:34
2019-07-09 16:09:34,712 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:34
2019-07-09 16:09:34,847 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:39,547 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:39
2019-07-09 16:09:39,550 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:39
2019-07-09 16:09:40,394 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:40
2019-07-09 16:09:40,396 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:40
2019-07-09 16:09:40,773 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:42,010 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:41
2019-07-09 16:09:42,012 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:41
2019-07-09 16:09:42,013 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:41
2019-07-09 16:09:42,325 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:42,330 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:42
2019-07-09 16:09:42,682 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:42
2019-07-09 16:09:43,023 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:42
2019-07-09 16:09:43,268 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:43,853 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:43
2019-07-09 16:09:44,194 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:44
2019-07-09 16:09:44,541 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:44
2019-07-09 16:09:44,848 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:44,888 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:44
2019-07-09 16:09:45,215 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:44
2019-07-09 16:09:46,063 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:45
2019-07-09 16:09:46,064 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:45
2019-07-09 16:09:46,125 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:46,426 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:46
2019-07-09 16:09:46,427 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:46
2019-07-09 16:09:46,772 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:46
2019-07-09 16:09:47,085 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:46
2019-07-09 16:09:47,400 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:47,441 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:47
2019-07-09 16:09:47,443 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:47
2019-07-09 16:09:47,779 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:47
2019-07-09 16:09:48,096 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:47
2019-07-09 16:09:48,351 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:48,434 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:48
2019-07-09 16:09:48,435 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:48
2019-07-09 16:09:48,657 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:48,793 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:48
2019-07-09 16:09:49,101 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:48
2019-07-09 16:09:49,445 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:49
2019-07-09 16:09:49,446 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:49
2019-07-09 16:09:49,797 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:49
2019-07-09 16:09:49,940 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:50,141 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:49
2019-07-09 16:09:50,460 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:50
2019-07-09 16:09:50,462 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:50
2019-07-09 16:09:50,795 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:50
2019-07-09 16:09:50,879 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:51,135 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:50
2019-07-09 16:09:51,493 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:51
2019-07-09 16:09:51,498 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:51
2019-07-09 16:09:51,768 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:52,398 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:52
2019-07-09 16:09:52,399 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:52
2019-07-09 16:09:52,734 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:52
2019-07-09 16:09:53,076 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:52
2019-07-09 16:09:53,400 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:12:17,703 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:12:17
2019-07-09 16:12:17,978 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:12:17
2019-07-09 16:12:18,186 fail2ban.actions        [697]: WARNING [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:22:18,618 fail2ban.actions        [697]: NOTICE  [apache-noscript] Unban 111.56.186.2
@sebres
Copy link
Contributor

sebres commented Jul 10, 2019

Your excerpt of log is unfulfilled - it is cut out from begin, where the reason (error why it is failed) hopefully logged too. Please proved the line(s) before.
Also give here your exact fail2ban version.

@ebonsi
Copy link
Author

ebonsi commented Jul 10, 2019
edited by sebres

The system is MacOS Mojave.
$ fail2ban-client version
0.10.4
My bad, I did not think all the other logs would be relevant... here it is the beginning of 2019-07-09. If you need any previous logs from 2019-07-08 or all the logs let me know.

2019-07-08 23:48:52,712 fail2ban.actions        [697]: NOTICE  [apache-noscript] Unban 129.204.42.29
<-- start 2019-07-09 -->
2019-07-09 16:09:01,666 fail2ban.ipdns          [697]: WARNING Unable to find a corresponding IP address for 1.0.0.127.in-addr.arpa: [Errno 8] nodename nor servname provided, or not known
2019-07-09 16:09:06,687 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:08:56
2019-07-09 16:09:06,689 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:08:56
2019-07-09 16:09:06,690 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:08:57
2019-07-09 16:09:06,692 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:08:57
2019-07-09 16:09:06,693 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:08:58
2019-07-09 16:09:06,694 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:08:58
2019-07-09 16:09:06,695 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:08:59
2019-07-09 16:09:06,696 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:08:59
2019-07-09 16:09:06,697 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:00
2019-07-09 16:09:06,698 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:00
2019-07-09 16:09:06,699 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:00
2019-07-09 16:09:06,700 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:01
2019-07-09 16:09:06,701 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:01
2019-07-09 16:09:06,702 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:01
2019-07-09 16:09:06,703 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:01
2019-07-09 16:09:06,704 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:02
2019-07-09 16:09:06,705 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:02
2019-07-09 16:09:06,706 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:03
2019-07-09 16:09:06,707 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:03
2019-07-09 16:09:06,707 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:03
2019-07-09 16:09:06,708 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:03
2019-07-09 16:09:06,709 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:04
2019-07-09 16:09:06,710 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:04
2019-07-09 16:09:06,711 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:04
2019-07-09 16:09:06,712 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:04
2019-07-09 16:09:06,713 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:05
2019-07-09 16:09:06,714 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:05
2019-07-09 16:09:06,715 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:06
2019-07-09 16:09:06,716 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:06
2019-07-09 16:09:07,072 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:06
2019-07-09 16:09:07,074 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:07
2019-07-09 16:09:07,358 fail2ban.actions        [697]: NOTICE  [apache-noscript] Ban 111.56.186.2
2019-07-09 16:09:07,365 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:07
2019-07-09 16:09:07,704 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:07
2019-07-09 16:09:08,041 fail2ban.utils          [697]: #39-Lev. 102c7ecf8 -- exec: ['f2bV_matches=$0 \nlgm=$(printf \'%s\\n...\' "$f2bV_matches"); curl --fail --tlsv1.1 --data "key=" --data-urlencode "comment=$lgm" --data "ip=111.56.186.2" --data "category=<abuseipdb_category>" "https://www.abuseipdb.com/report/json"', "[Tue Jul 09 16:08:56.192092 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/Appb142c9a2.php' not found or unable to stat\n[Tue Jul 09 16:08:56.951493 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/help.php' not found or unable to stat\n[Tue Jul 09 16:08:57.203202 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/java.php' not found or unable to stat\n[Tue Jul 09 16:08:57.454631 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/_query.php' not found or unable to stat\n[Tue Jul 09 16:08:58.597441 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/test.php' not found or unable to stat\n[Tue Jul 09 16:08:58.850162 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/db_cts.php' not found or unable to stat\n[Tue Jul 09 16:08:59.101888 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/db_pma.php' not found or unable to stat\n[Tue Jul 09 16:08:59.353342 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/logon.php' not found or unable to stat\n[Tue Jul 09 16:09:00.318725 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/help-e.php' not found or unable to stat\n[Tue Jul 09 16:09:00.571083 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/license.php' not found or unable to stat\n[Tue Jul 09 16:09:00.824855 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/log.php' not found or unable to stat\n[Tue Jul 09 16:09:01.076655 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/hell.php' not found or unable to stat\n[Tue Jul 09 16:09:01.329373 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/pmd_online.php' not found or unable to stat\n[Tue Jul 09 16:09:01.628805 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/x.php' not found or unable to stat\n[Tue Jul 09 16:09:01.898195 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/shell.php' not found or unable to stat\n[Tue Jul 09 16:09:02.183033 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/htdocs.php' not found or unable to stat\n[Tue Jul 09 16:09:02.435035 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/b.php' not found or unable to stat\n[Tue Jul 09 16:09:03.225233 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/sane.php' not found or unable to stat\n[Tue Jul 09 16:09:03.476525 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/desktop.ini.php' not found or unable to stat\n[Tue Jul 09 16:09:03.728760 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/z.php' not found or unable to stat\n[Tue Jul 09 16:09:03.981285 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/lala.php' not found or unable to stat\n[Tue Jul 09 16:09:04.234078 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/lala-dpr.php' not found or unable to stat\n[Tue Jul 09 16:09:04.487243 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wpc.php' not found or unable to stat\n[Tue Jul 09 16:09:04.739798 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wpo.php' not found or unable to stat\n[Tue Jul 09 16:09:04.991760 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/t6nv.php' not found or unable to stat\n[Tue Jul 09 16:09:05.244504 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/muhstik.php' not found or unable to stat\n[Tue Jul 09 16:09:05.996976 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/text.php' not found or unable to stat\n[Tue Jul 09 16:09:06.247857 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wp-config.php' not found or unable to stat\n[Tue Jul 09 16:09:06.500948 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/muhstik.php' not found or unable to stat"]
2019-07-09 16:09:08,042 fail2ban.utils          [697]: ERROR   102c7ecf8 -- stderr: '  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current'
2019-07-09 16:09:08,043 fail2ban.utils          [697]: ERROR   102c7ecf8 -- stderr: '                                 Dload  Upload   Total   Spent    Left  Speed'
2019-07-09 16:09:08,043 fail2ban.utils          [697]: ERROR   102c7ecf8 -- stderr: ''
2019-07-09 16:09:08,044 fail2ban.utils          [697]: ERROR   102c7ecf8 -- stderr: '  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0'
2019-07-09 16:09:08,044 fail2ban.utils          [697]: ERROR   102c7ecf8 -- stderr: '100  6886    0     0  100  6886      0  10625 --:--:-- --:--:-- --:--:-- 10626'
2019-07-09 16:09:08,045 fail2ban.utils          [697]: ERROR   102c7ecf8 -- stderr: 'curl: (22) The requested URL returned error: 422 '
2019-07-09 16:09:08,045 fail2ban.utils          [697]: ERROR   102c7ecf8 -- returned 22
2019-07-09 16:09:08,046 fail2ban.actions        [697]: ERROR   Failed to execute ban jail 'apache-noscript' action 'abuseipdb' info 'ActionInfo({'matches': u"[Tue Jul 09 16:08:56.192092 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/Appb142c9a2.php' not found or unable to stat\n[Tue Jul 09 16:08:56.951493 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/help.php' not found or unable to stat\n[Tue Jul 09 16:08:57.203202 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/java.php' not found or unable to stat\n[Tue Jul 09 16:08:57.454631 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/_query.php' not found or unable to stat\n[Tue Jul 09 16:08:58.597441 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/test.php' not found or unable to stat\n[Tue Jul 09 16:08:58.850162 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/db_cts.php' not found or unable to stat\n[Tue Jul 09 16:08:59.101888 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/db_pma.php' not found or unable to stat\n[Tue Jul 09 16:08:59.353342 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/logon.php' not found or unable to stat\n[Tue Jul 09 16:09:00.318725 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/help-e.php' not found or unable to stat\n[Tue Jul 09 16:09:00.571083 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/license.php' not found or unable to stat\n[Tue Jul 09 16:09:00.824855 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/log.php' not found or unable to stat\n[Tue Jul 09 16:09:01.076655 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/hell.php' not found or unable to stat\n[Tue Jul 09 16:09:01.329373 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/pmd_online.php' not found or unable to stat\n[Tue Jul 09 16:09:01.628805 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/x.php' not found or unable to stat\n[Tue Jul 09 16:09:01.898195 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/shell.php' not found or unable to stat\n[Tue Jul 09 16:09:02.183033 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/htdocs.php' not found or unable to stat\n[Tue Jul 09 16:09:02.435035 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/b.php' not found or unable to stat\n[Tue Jul 09 16:09:03.225233 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/sane.php' not found or unable to stat\n[Tue Jul 09 16:09:03.476525 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/desktop.ini.php' not found or unable to stat\n[Tue Jul 09 16:09:03.728760 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/z.php' not found or unable to stat\n[Tue Jul 09 16:09:03.981285 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/lala.php' not found or unable to stat\n[Tue Jul 09 16:09:04.234078 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/lala-dpr.php' not found or unable to stat\n[Tue Jul 09 16:09:04.487243 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wpc.php' not found or unable to stat\n[Tue Jul 09 16:09:04.739798 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wpo.php' not found or unable to stat\n[Tue Jul 09 16:09:04.991760 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/t6nv.php' not found or unable to stat\n[Tue Jul 09 16:09:05.244504 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/muhstik.php' not found or unable to stat\n[Tue Jul 09 16:09:05.996976 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/text.php' not found or unable to stat\n[Tue Jul 09 16:09:06.247857 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wp-config.php' not found or unable to stat\n[Tue Jul 09 16:09:06.500948 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/muhstik.php' not found or unable to stat", 'ip': '111.56.186.2', 'F-*': {'matches': [(u'[', u'Tue Jul 09 16:08:56.192092 2019', u"] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/Appb142c9a2.php' not found or unable to stat"), u"[Tue Jul 09 16:08:56.951493 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/help.php' not found or unable to stat", u"[Tue Jul 09 16:08:57.203202 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/java.php' not found or unable to stat", u"[Tue Jul 09 16:08:57.454631 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/_query.php' not found or unable to stat", u"[Tue Jul 09 16:08:58.597441 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/test.php' not found or unable to stat", u"[Tue Jul 09 16:08:58.850162 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/db_cts.php' not found or unable to stat", u"[Tue Jul 09 16:08:59.101888 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/db_pma.php' not found or unable to stat", u"[Tue Jul 09 16:08:59.353342 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/logon.php' not found or unable to stat", u"[Tue Jul 09 16:09:00.318725 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/help-e.php' not found or unable to stat", u"[Tue Jul 09 16:09:00.571083 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/license.php' not found or unable to stat", u"[Tue Jul 09 16:09:00.824855 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/log.php' not found or unable to stat", u"[Tue Jul 09 16:09:01.076655 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/hell.php' not found or unable to stat", u"[Tue Jul 09 16:09:01.329373 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/pmd_online.php' not found or unable to stat", u"[Tue Jul 09 16:09:01.628805 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/x.php' not found or unable to stat", u"[Tue Jul 09 16:09:01.898195 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/shell.php' not found or unable to stat", u"[Tue Jul 09 16:09:02.183033 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/htdocs.php' not found or unable to stat", u"[Tue Jul 09 16:09:02.435035 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/b.php' not found or unable to stat", u"[Tue Jul 09 16:09:03.225233 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/sane.php' not found or unable to stat", u"[Tue Jul 09 16:09:03.476525 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/desktop.ini.php' not found or unable to stat", u"[Tue Jul 09 16:09:03.728760 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/z.php' not found or unable to stat", u"[Tue Jul 09 16:09:03.981285 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/lala.php' not found or unable to stat", u"[Tue Jul 09 16:09:04.234078 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/lala-dpr.php' not found or unable to stat", u"[Tue Jul 09 16:09:04.487243 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wpc.php' not found or unable to stat", u"[Tue Jul 09 16:09:04.739798 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wpo.php' not found or unable to stat", u"[Tue Jul 09 16:09:04.991760 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/t6nv.php' not found or unable to stat", u"[Tue Jul 09 16:09:05.244504 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/muhstik.php' not found or unable to stat", u"[Tue Jul 09 16:09:05.996976 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/text.php' not found or unable to stat", u"[Tue Jul 09 16:09:06.247857 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/wp-config.php' not found or unable to stat", u"[Tue Jul 09 16:09:06.500948 2019] [php7:error] [pid 95727] [client 111.56.186.2:62183] script '/Library/WebServer/Documents/muhstik.php' not found or unable to stat"], 'failures': 29, 'ip4': u'111.56.186.2'}, 'fid': <function <lambda> at 0x102b14ed8>, 'raw-ticket': <function <lambda> at 0x102b16410>})': Error banning 111.56.186.2
2019-07-09 16:09:08,054 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:07
2019-07-09 16:09:08,943 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:08
2019-07-09 16:09:08,945 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:08
2019-07-09 16:09:09,287 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:09
2019-07-09 16:09:09,632 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:09
2019-07-09 16:09:09,634 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:09
2019-07-09 16:09:09,960 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:09
2019-07-09 16:09:10,260 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:10
2019-07-09 16:09:10,568 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:10,931 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:10
2019-07-09 16:09:10,932 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:10
2019-07-09 16:09:11,435 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:12,157 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:11
2019-07-09 16:09:12,159 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:12
2019-07-09 16:09:18,909 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:18
2019-07-09 16:09:19,041 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:19,243 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:18
2019-07-09 16:09:19,244 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:19
2019-07-09 16:09:19,584 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:19
2019-07-09 16:09:19,753 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:19,900 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:19
2019-07-09 16:09:20,301 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:19
2019-07-09 16:09:20,302 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:20
2019-07-09 16:09:20,645 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:20
2019-07-09 16:09:20,674 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:21,465 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:21
2019-07-09 16:09:21,779 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:21
2019-07-09 16:09:22,124 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:21
2019-07-09 16:09:22,191 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:22,976 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:22
2019-07-09 16:09:22,977 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:22
2019-07-09 16:09:23,134 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:23,315 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:23
2019-07-09 16:09:24,181 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:23
2019-07-09 16:09:24,183 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:24
2019-07-09 16:09:24,539 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:24
2019-07-09 16:09:24,751 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:24,874 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:24
2019-07-09 16:09:24,875 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:24
2019-07-09 16:09:25,684 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:25,729 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:25
2019-07-09 16:09:26,056 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:25
2019-07-09 16:09:26,058 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:26
2019-07-09 16:09:26,573 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:27,005 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:26
2019-07-09 16:09:27,334 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:27
2019-07-09 16:09:27,335 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:27
2019-07-09 16:09:27,674 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:27
2019-07-09 16:09:28,033 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:27
2019-07-09 16:09:28,251 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:28,357 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:28
2019-07-09 16:09:28,358 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:28
2019-07-09 16:09:28,601 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:28,674 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:28
2019-07-09 16:09:29,030 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:28
2019-07-09 16:09:29,297 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:29
2019-07-09 16:09:29,647 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:29
2019-07-09 16:09:29,832 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:30,479 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:30
2019-07-09 16:09:30,481 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:30
2019-07-09 16:09:30,767 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:30,832 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:30
2019-07-09 16:09:30,837 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:30
2019-07-09 16:09:31,193 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:31
2019-07-09 16:09:31,541 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:31
2019-07-09 16:09:31,542 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:31
2019-07-09 16:09:31,650 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:31,862 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:31
2019-07-09 16:09:32,390 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:32,747 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:32
2019-07-09 16:09:33,063 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:32
2019-07-09 16:09:33,064 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:33
2019-07-09 16:09:33,310 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:33,414 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:33
2019-07-09 16:09:33,772 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:33
2019-07-09 16:09:34,056 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:33
2019-07-09 16:09:34,063 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:34
2019-07-09 16:09:34,150 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:34,380 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:34
2019-07-09 16:09:34,712 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:34
2019-07-09 16:09:34,847 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:39,547 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:39
2019-07-09 16:09:39,550 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:39
2019-07-09 16:09:40,394 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:40
2019-07-09 16:09:40,396 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:40
2019-07-09 16:09:40,773 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:42,010 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:41
2019-07-09 16:09:42,012 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:41
2019-07-09 16:09:42,013 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:41
2019-07-09 16:09:42,325 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:42,330 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:42
2019-07-09 16:09:42,682 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:42
2019-07-09 16:09:43,023 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:42
2019-07-09 16:09:43,268 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:43,853 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:43
2019-07-09 16:09:44,194 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:44
2019-07-09 16:09:44,541 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:44
2019-07-09 16:09:44,848 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:44,888 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:44
2019-07-09 16:09:45,215 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:44
2019-07-09 16:09:46,063 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:45
2019-07-09 16:09:46,064 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:45
2019-07-09 16:09:46,125 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:46,426 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:46
2019-07-09 16:09:46,427 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:46
2019-07-09 16:09:46,772 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:46
2019-07-09 16:09:47,085 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:46
2019-07-09 16:09:47,400 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:47,441 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:47
2019-07-09 16:09:47,443 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:47
2019-07-09 16:09:47,779 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:47
2019-07-09 16:09:48,096 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:47
2019-07-09 16:09:48,351 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:48,434 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:48
2019-07-09 16:09:48,435 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:48
2019-07-09 16:09:48,657 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:48,793 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:48
2019-07-09 16:09:49,101 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:48
2019-07-09 16:09:49,445 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:49
2019-07-09 16:09:49,446 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:49
2019-07-09 16:09:49,797 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:49
2019-07-09 16:09:49,940 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:50,141 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:49
2019-07-09 16:09:50,460 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:50
2019-07-09 16:09:50,462 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:50
2019-07-09 16:09:50,795 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:50
2019-07-09 16:09:50,879 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:51,135 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:50
2019-07-09 16:09:51,493 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:51
2019-07-09 16:09:51,498 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:51
2019-07-09 16:09:51,768 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:09:52,398 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:52
2019-07-09 16:09:52,399 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:52
2019-07-09 16:09:52,734 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:52
2019-07-09 16:09:53,076 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:09:52
2019-07-09 16:09:53,400 fail2ban.actions        [697]: NOTICE  [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:12:17,703 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:12:17
2019-07-09 16:12:17,978 fail2ban.filter         [697]: INFO    [apache-noscript] Found 111.56.186.2 - 2019-07-09 16:12:17
2019-07-09 16:12:18,186 fail2ban.actions        [697]: WARNING [apache-noscript] 111.56.186.2 already banned
2019-07-09 16:22:18,618 fail2ban.actions        [697]: NOTICE  [apache-noscript] Unban 111.56.186.2
2019-07-09 20:48:46,699 fail2ban.ipdns          [697]: WARNING Unable to find a corresponding IP address for 1.0.0.127.in-addr.arpa: [Errno 8] nodename nor servname provided, or not known
2019-07-09 20:48:51,710 fail2ban.filter         [697]: INFO    [apache-noscript] Found 35.199.98.180 - 2019-07-09 20:48:41
2019-07-09 23:10:16,509 fail2ban.ipdns          [697]: WARNING Unable to find a corresponding IP address for 1.0.0.127.in-addr.arpa: [Errno 8] nodename nor servname provided, or not known
2019-07-09 23:10:21,524 fail2ban.filter         [697]: INFO    [apache-noscript] Found 123.200.14.238 - 2019-07-09 23:10:10
2019-07-09 23:10:21,525 fail2ban.filter         [697]: INFO    [apache-noscript] Found 123.200.14.238 - 2019-07-09 23:10:16

<--/ end 2019-07-09 -->

2019-07-09 16:09:01,666 fail2ban.ipdns [697]: WARNING Unable to find a corresponding IP address for 1.0.0.127.in-addr.arpa: [Errno 8] nodename nor servname provided, or not known

Obs: I also do not understand why this log is popping out. The server has a proper reverse DNS of localhost.

@sebres sebres changed the title fail2ban error banning ip abuseipdb: fail2ban error banning ip Jul 10, 2019
@sebres
Copy link
Contributor

sebres commented Jul 10, 2019

So your action is abuseipdb.

No idea why exactly it does not accepted by abuseipdb, but the request returns 422.
If I'm not wrong it means Unprocessable Entity (rejected as semantically incorrect).

The shorter log-excerpt:

#39-Lev. 102c7ecf8 -- exec: ['f2bV_matches=$0 \nlgm=$(printf \'%s\\n...\' "$f2bV_matches"); curl --fail --tlsv1.1 --data "key=" --data-urlencode "comment=$lgm" --data "ip=111.56.186.2" --data "category=<abuseipdb_category>" "https://www.abuseipdb.com/report/json"', "..."]
ERROR   102c7ecf8 -- stderr: '  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current'
ERROR   102c7ecf8 -- stderr: '                                 Dload  Upload   Total   Spent    Left  Speed'
ERROR   102c7ecf8 -- stderr: ''
ERROR   102c7ecf8 -- stderr: '  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0'
ERROR   102c7ecf8 -- stderr: '100  6886    0     0  100  6886      0  10625 --:--:-- --:--:-- --:--:-- 10626'
ERROR   102c7ecf8 -- stderr: 'curl: (22) The requested URL returned error: 422 '
ERROR   102c7ecf8 -- returned 22
ERROR   Failed to execute ban jail 'apache-noscript' action 'abuseipdb' info 'ActionInfo({'matches': u"...", 'ip': '111.56.186.2', 'F-*': {'matches': [...], 'failures': 29, 'ip4': u'111.56.186.2'}, 'fid': <function <lambda> at 0x102b14ed8>, 'raw-ticket': <function <lambda> at 0x102b16410>})': Error banning 111.56.186.2

So fail2ban is trying to execute this (you can check it in the shell):

f2bV_matches=...
lgm=$(printf '%s\n...' "$f2bV_matches"); curl --fail --tlsv1.1 --data "key=" --data-urlencode "comment=$lgm" --data "ip=111.56.186.2" --data "category=<abuseipdb_category>" "https://www.abuseipdb.com/report/json"

I assume:

  • either you should specify abuseipdb_category option (looks like it is undefined ATM, because tag <abuseipdb_category> is not substituted).
  • op may be it is fixed in Upgrade to AbuseIPDB API v2 #2302 and other later fixes (try to update your abuseipdb-action configs from current 0.10)

@sebres
Copy link
Contributor

sebres commented Jul 10, 2019

Unable to find a corresponding IP address for 1.0.0.127.in-addr.arpa

Hmm... is it by start only?

I guess you have ignoreself = true (it is default, so at least not set to false) in the jail.local?
Looks like the IP will not be recognized as loopback for some reasons, if it trying to resolve initially the addresses and hostname's of the server.

What do you get here as result?

fail2ban-python -c 'import sys, logging; logging.basicConfig(stream=sys.stdout, level=logging.DEBUG); from fail2ban.server.ipdns import DNSUtils as du; print(du.getSelfIPs()); print(du.getSelfNames())'

@ebonsi
Copy link
Author

ebonsi commented Jul 10, 2019
edited by sebres 

server:~ server$ fail2ban-python -c 'import sys, logging; logging.basicConfig(stream=sys.stdout, level=logging.DEBUG); from fail2ban.server.ipdns import DNSUtils as du; print(du.getSelfIPs()); print(du.getSelfNames())'

WARNING:fail2ban.ipdns:Unable to find a corresponding IP address for 1.0.0.127.in-addr.arpa: [Errno 8] nodename nor servname provided, or not known
set(['fe80:1::1', '::1', '127.0.0.1'])
set(['1.0.0.127.in-addr.arpa', 'server.local', 'localhost'])

@ebonsi
Copy link
Author

ebonsi commented Jul 10, 2019
edited by sebres

Maybe I should specify another action than abuseip. There are many others to chose! I am wondering which one will be most effective.

***By the way it was no error coming out of the system.log in regards to fail2ban or abuseip. The only mention was on mac-analytics in relation to fail2ban-python but it is not an error but just an activity connection.

Here is the configuration of the non-script jail,

[apache-noscript]

port = http,https
logpath = /var/log/apache2/error_log
enabled = true
action = pf[name=apache-noscript, port=80, protocol=tcp]
  abuseipdb[name=apache-noscript, port=80, protocol=tcp]
maxretry = 5
bantime = 31536000
filter = apache-noscript

@sebres
Copy link
Contributor

sebres commented Jul 11, 2019

Unable to find a corresponding IP address for 1.0.0.127.in-addr.arpa

It looks like no hostname (fqdn) is set for this host, so for some reasons it gets 1.0.0.127.in-addr.arpa.
The DNS resolver seems to not differentiate between local addresses (names) and that from internet.

Either you should fix that, or you ignore this warning (if your see all your IPs/hostnames), or simple switch to old ignoreip technique (disable ignoreself and specify in ignoreip all your own IPs and/or host names):

ignoreself = false
ignoreip = 127.0.0.1/8 ::1

Maybe I should specify another action than abuseip.

Well your ban-action is pf, but for some reasons it does not work (or has a large latency)...
As mentioned here:

  • Multiport? You set port 80 only (what is with https, which is 443)
  • Some pf/kernel (MacOS?) related issue (e. g. it does not kill current connection for some reasons)

There are many others to chose! I am wondering which one will be most effective.

I cannot help you here, because neither familiar with MacOS, nor I have basically any interest for products of Apple.

@ebonsi
Copy link
Author

ebonsi commented Jul 11, 2019

Thanks for answering to my questions! I will just ignore the fqdn. My domain name is a fqdn. However the server is ran by a private home ATT connection on a static ip address. As I personally configured the network, I do understand the limitations from doing it. ATT will only reverse your fqdn to an ip if you pay more ... too much that I was not willing to expend just to prove myself I can build a server on my own knowledge and serve some of my domains. Therefore, the limitations does not come from my configuration but from their policies. Saying that, I am willing to accept the limitations.

@ebonsi
Copy link
Author

ebonsi commented Jul 11, 2019
edited

...and thanks, I will configure the jail to block the 443/https port. I just have to repeat the same config procedure and include the new port.
By the way, I do understand the Apple issue. They sure are not doing anything on software compatibility leaving people behind and that is a big regress to nowhere I not willing to pay for. High Sierra was really my last upgrade. I just did Mojave to test but I already found some issues that is motivating me to not upgrade from High Sierra. Where to go from here? Linux is my best bet and the only reason I did not switch early is because of the design software issue.

@sebres
Copy link
Contributor

sebres commented Jul 11, 2019

I just have to repeat the same config procedure and include the new port.

Hmm... don't think so. Our pf is a multiport action, so just try:

action = pf[port="80 443", ...]
# or (if you have some older pf-action):
action = pf[port="{80 443}", ...]

Note the {} around the ports - it is platform and config depending (see ##1925 (comment)).

But normally it would be enough to specify something like this instead of overwrite default action interpolation:

[apache-noscript]
port = 80 443
banaction = pf[actiontype=<multiport>]

@sebres sebres closed this as completed Jul 11, 2019
@ebonsi
Copy link
Author

ebonsi commented Jul 12, 2019
edited by sebres

I tried to mimic the instructions above on the action to insert both ports but it did not accepted the syntax. However it accepted on port= 80 443.
Since it is already specified on port, I left the action in blank for ports.
I insert the access_log in there besides error_log and the program accepted the syntax, however I do not know if that is correct or not or if it makes any difference or not. So far this is what I have...

[apache-noscript]

port     = 80 443
logpath = /var/log/apache2/error_log
logpath = /var/log/apache2/access_log
enabled = true
action = pf[name=apache-noscript, protocol=tcp]
        abuseipdb[name=apache-noscript, protocol=tcp]
        hostsdeny[name=apache-noscript, protocol=tcp]
        badips[name=apache-noscript, protocol=tcp]
bantime = 31536000
filter = apache-noscript
findtime = 18144000

@sebres
Copy link
Contributor

sebres commented Jul 12, 2019

I tried to mimic the instructions above on the action to insert both ports but it did not accepted the syntax.

What do you mean exactly?

However it accepted on port= 80 443.
Since it is already specified on port, I left the action in blank for ports.

Variable port is an internal substitution and used in some interpolations in jail.conf.
For example:

fail2ban/config/jail.conf

Line 174 in b288ccd

action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

Note the _ in action_... this option is then used as default interpolations in config and indirectly affect action.
But you overwrite the action completely in your config, so it would not work for you.

As already said above, either you should specify ports in action, or you should set banaction only (then interpolation of your port in jail would work).

So either:

action = pf[port="80 443", name=apache-noscript, protocol=tcp]

or:

port = 80 443
banaction = pf

Still again, if you overwrite action, no one substitution option of jail.conf like banaction or port or protocol etc will be interpolated, and you should specify all in action needed parameters explicitly.

Another variant is to use all-ports operational mode of pf-action, if you'd accept the banned IP cannot reach ALL services (so if your remote IP would be mistakenly banned, you cannot unban yourself from this IP, because sshd-port is not available too).
In this case 0.10th pf-config should become parameter actiontype set to <allports>, for example:

banaction = pf[actiontype="<allports>"]

@sebres
Copy link
Contributor

sebres commented Jul 12, 2019

BTW. did you followed the instructions from pf-config?

fail2ban/config/action.d/pf.conf

Lines 16 to 27 in d01fe9d

# we don't enable PF automatically; to enable run pfctl -e
# or add `pf_enable="YES"` to /etc/rc.conf (tested on FreeBSD)
# also, these rulesets are loaded into (nested) anchors
# to enable them, add as wildcard:
# anchor "f2b/*"
# or using jail names:
# anchor f2b {
# anchor name1
# anchor name2
# ...
# }
# to your main pf ruleset, where "namei" are the names of the jails

Additionally note that you can see all the values interpolated by start using:

fail2ban-client -d
# or
fail2ban-client -d | grep pfctl

So you'd be able to control your config values are correct.

And try to google whether pf is really correct banaction on your system (may be some other firewalls or packet filter systems which already have fail2ban actions are available on your system).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ebonsi @sebres