> On Tuesday, March 5, 2024 at 11:36:49 PM GMT+3:30, James Moe via > Fail2ban-users <fail2ban-users@lists.sourceforge.net> wrote:
> On 2024-03-05 04:14, Jason Long via Fail2ban-users wrote: > How can I block someone who has entered the wrong password three times in any > given time period? --[ Jail definition ]-- bantime.increment = true bantime.factor = 1 bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor [jail-name] enabled = true port = smtp,465,submission logpath = /path/to/maillog.txt datepattern = %%Y-%%m-%%d_%%H:%%M:%%S logencoding = utf-8 # # bantime = 26w 15h bantime = 182.62d maxretry = 3 findtime = 2w action = iptables-multiport[name=jname, port="smtp,465,submission", protocol=tcp] --[ end ]-- Then create a filter in filter.d that matches the failed login log entry. -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think. _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users Hello, Thanks. I need this strategy for SSH service. _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
