I've installed ISPConfig 3 on a vServer on which I'm not able to use iptables. I believe I was able to get fail2ban running via a php-scrip accessing the server's web-interface and adding/deleting the firewall-rules there (the script is working fine, but I haven't seen any ban-events triggered yet, which is very unusual, because we could observe break-in attempts permanently on the old server). The ISPConfig-log, however, keeps telling me the same thing over and over again: /var/log/ispconfig/cron.log: How can I make it stop - or maybe even fix it?
I think fail2ban should actually be working fine. As a workaround, I made the following changes in /etc/fail2ban/action.d/iptables-multiport.conf: So basically, everything is commented out and the actionban and actionunban are handled by a PHP-script which queries against the vServer-API. These changes were recommended by my hosting provider. After changing it as shown above, fail2ban was able to start again (I was getting a 300 error before). Here's what /var/log/fail2ban.log says: So fail2ban seems to be running correctly, BUT: It doesn't seem to care about the filters, because nothing happens (and nothing is logged) even when I try to provoke a ban on purpose. And I suppose it has something to do with ISPConfig endlessly reporting that one error over and over again in /var/log/ispconfig/cron.log: But if fail2ban is running, what else could be causing that error?
The errors are most likely caused by the ispconfig monitor which checks your server every 5 minutes. Search for iptables in the file /usr/local/ispconfig/server/lib/classes/monitor_tools.inc.php
