Fail2Ban repeating ban/unban warnings

Hi guys,

I just noticed something streange and I'm a bit worried about it. Please look at this in my fail2ban.log :

Code:

2013-05-08 17:28:45,062 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 17:38:45,709 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168
2013-05-08 17:41:18,875 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 17:51:19,518 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168
2013-05-08 17:56:18,838 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 18:06:19,482 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168
2013-05-08 20:59:34,496 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 21:09:35,142 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168
2013-05-08 21:13:36,405 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 21:23:37,049 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168
2013-05-08 21:56:55,182 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 22:06:55,828 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168

This is a chinese IP and it looks like an attempt to enter my server, isn't it? Do I have to worry about this?

Thanks!

 

I'm no expert, but it looks like you're server is being attacked by an automated script from that IP address. The script is trying to ftp into your server.

Does the sequence continue on, or has it stopped?

 

Hi Darin,

Yes it stopped. I would like to ban this IP though, just in case. How can I do that in ISPConfig?

I'm having a problem with an IP I would like to unban on the other side. One of my clients can't connect on the FTP this time. How can I do that?

This ban/unban thing is a bit obscure for me...

Thanks for your help!

 

Hi Till,

Thank you very much for this answer!

No need for me to ban manually then? Seems awesome if it's automatic

Thanks!

 

That's right!