Fail2ban constantly reports warnings banning ip addresses. This eventually causes apache to stop responding and needs restarting. Am I being attacked constantly? I had a look at the IP address of one of the banned entries and it appears to be DCS Pacific which looks like a hosting company. Surely another hosting company isn't trying to crash my server?? I am the only person with legitimate ssh access to my servers. Does anyone else experience this? 2010-10-03 10:45:33,659 fail2ban.actions: WARNING [ssh] Unban 206.217.137.184 2010-10-03 10:49:12,675 fail2ban.actions: WARNING [ssh] Unban 41.130.234.116 2010-10-03 17:27:00,003 fail2ban.jail : INFO Jail 'ssh' stopped 2010-10-03 17:35:42,507 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3 2010-10-03 17:35:42,526 fail2ban.jail : INFO Creating new jail 'ssh' 2010-10-03 17:35:42,526 fail2ban.jail : INFO Jail 'ssh' uses poller 2010-10-03 17:35:42,774 fail2ban.filter : INFO Added logfile = /var/log/auth.log 2010-10-03 17:35:42,776 fail2ban.filter : INFO Set maxRetry = 6 2010-10-03 17:35:42,777 fail2ban.filter : INFO Set findtime = 600 2010-10-03 17:35:42,778 fail2ban.actions: INFO Set banTime = 600 2010-10-03 17:35:42,886 fail2ban.jail : INFO Jail 'ssh' started 2010-10-03 18:34:25,050 fail2ban.actions: WARNING [ssh] Ban 78.101.169.35 2010-10-03 18:44:25,066 fail2ban.actions: WARNING [ssh] Unban 78.101.169.35 2010-10-03 20:07:33,090 fail2ban.actions: WARNING [ssh] Ban 83.237.215.84 2010-10-03 20:17:33,158 fail2ban.actions: WARNING [ssh] Unban 83.237.215.84 2010-10-03 20:45:37,178 fail2ban.actions: WARNING [ssh] Ban 94.179.99.171 2010-10-03 20:55:37,210 fail2ban.actions: WARNING [ssh] Unban 94.179.99.171 2010-10-04 00:15:08,231 fail2ban.actions: WARNING [ssh] Ban 184.106.241.145 2010-10-04 00:25:08,491 fail2ban.actions: WARNING [ssh] Unban 184.106.241.145 2010-10-04 00:26:15,586 fail2ban.actions: WARNING [ssh] Ban 190.42.208.209 2010-10-04 00:36:15,606 fail2ban.actions: WARNING [ssh] Unban 190.42.208.209 2010-10-04 00:39:26,622 fail2ban.actions: WARNING [ssh] Ban 88.198.11.232 2010-10-04 00:49:26,638 fail2ban.actions: WARNING [ssh] Unban 88.198.11.232 2010-10-04 01:55:43,678 fail2ban.actions: WARNING [ssh] Ban 211.254.130.116 2010-10-04 02:05:43,718 fail2ban.actions: WARNING [ssh] Unban 211.254.130.116 2010-10-04 03:12:23,838 fail2ban.actions: WARNING [ssh] Ban 216.17.111.135 2010-10-04 03:22:23,854 fail2ban.actions: WARNING [ssh] Unban 216.17.111.135 2010-10-04 06:57:00,890 fail2ban.actions: WARNING [ssh] Ban 93.153.189.85 2010-10-04 07:07:01,078 fail2ban.actions: WARNING [ssh] Unban 93.153.189.85 2010-10-04 09:43:04,102 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 09:53:04,150 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 09:56:09,174 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 10:06:09,230 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 10:08:33,246 fail2ban.actions: WARNING [ssh] Ban 41.238.224.28 2010-10-04 10:08:40,263 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 10:08:40,282 fail2ban.actions: WARNING [ssh] Ban 212.98.166.61 2010-10-04 10:18:33,298 fail2ban.actions: WARNING [ssh] Unban 41.238.224.28 2010-10-04 10:18:40,314 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 10:18:40,332 fail2ban.actions: WARNING [ssh] Unban 212.98.166.61 2010-10-04 10:21:23,350 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 10:23:12,366 fail2ban.actions: WARNING [ssh] Ban 91.149.187.72 2010-10-04 10:31:23,382 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 10:33:12,398 fail2ban.actions: WARNING [ssh] Unban 91.149.187.72 2010-10-04 10:33:25,414 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 10:43:25,434 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 10:45:44,450 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 10:55:44,466 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 10:58:43,482 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 11:08:43,514 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 11:11:49,534 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 11:21:49,558 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 11:24:18,574 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 11:34:18,590 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 11:36:40,606 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 11:46:40,622 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 11:49:38,638 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 11:59:38,654 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 12:01:50,682 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 12:02:23,698 fail2ban.actions: WARNING [ssh] Ban 121.119.160.134 2010-10-04 12:11:50,714 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 12:12:23,730 fail2ban.actions: WARNING [ssh] Unban 121.119.160.134 2010-10-04 12:14:54,746 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 12:24:54,762 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 12:28:17,778 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 12:38:17,794 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 12:41:24,810 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 12:51:24,826 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 12:54:12,842 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 13:04:12,858 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 13:06:58,874 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 13:16:58,898 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 13:19:36,914 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 13:29:36,930 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 13:33:40,962 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 13:43:40,978 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 13:46:33,994 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103 2010-10-04 13:56:34,010 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103 2010-10-04 16:56:45,042 fail2ban.actions: WARNING [ssh] Ban 220.127.174.119 2010-10-04 17:06:45,062 fail2ban.actions: WARNING [ssh] Unban 220.127.174.119 2010-10-04 18:26:09,314 fail2ban.actions: WARNING [ssh] Ban 218.241.161.186 2010-10-04 18:36:09,547 fail2ban.actions: WARNING [ssh] Unban 218.241.161.186 2010-10-04 19:15:59,694 fail2ban.actions: WARNING [ssh] Ban 216.245.208.93 2010-10-04 19:25:59,730 fail2ban.actions: WARNING [ssh] Unban 216.245.208.93 2010-10-04 20:48:59,762 fail2ban.actions: WARNING [ssh] Ban 153.65.20.115 2010-10-04 20:58:59,866 fail2ban.actions: WARNING [ssh] Unban 153.65.20.115 2010-10-04 22:07:03,902 fail2ban.actions: WARNING [ssh] Ban 41.234.76.58 2010-10-04 22:17:03,986 fail2ban.actions: WARNING [ssh] Unban 41.234.76.58 2010-10-05 08:20:16,110 fail2ban.actions: WARNING [ssh] Ban 41.208.137.12 2010-10-05 08:30:16,226 fail2ban.actions: WARNING [ssh] Unban 41.208.137.12 2010-10-05 08:31:03,242 fail2ban.actions: WARNING [ssh] Ban 41.208.137.12 2010-10-05 08:41:03,258 fail2ban.actions: WARNING [ssh] Unban 41.208.137.12 2010-10-05 08:52:10,278 fail2ban.actions: WARNING [ssh] Ban 118.129.166.120 2010-10-05 08:52:35,294 fail2ban.actions: WARNING [ssh] Ban 190.232.206.129 2010-10-05 09:02:10,326 fail2ban.actions: WARNING [ssh] Unban 118.129.166.120 2010-10-05 09:02:35,342 fail2ban.actions: WARNING [ssh] Unban 190.232.206.129
Thats normal, so nothing to worry about. This happens to every computer which is connected to the internet all the time. Fail2ban is installed to block such attempts. The ssh login attempst are not related to apache response problems, so if you have any problems with apache, then you should investigate this in the apache error.log and syslog.
I'll have a look at the logs... Strange though that when I block ssh ports via the router all problems stop.
