Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [Definition]
- failregex = .* from ip <HOST>
- [express-js]
- enabled = true
- filter = expressjs
- logpath = /var/log/expressjs/slowin-killer.log
- maxretry = 5
- bantime = 3600
- findtime = 600
- [20-5-2017 20:49:57] Failed to authentificate user "dinath.contact@gmail.comdddd" from ip 127.0.0.1
- [20-5-2017 20:57:19] Failed to authentificate user "dinath.contact@gmail.comdddd" from ip 127.0.0.1
- [20-5-2017 20:59:20] Failed to authentificate user "dinath.contact@gmail.comdddd" from ip 127.0.0.1
- [20-5-2017 21:12:47] Failed to authentificate user "dinath.contact@gmail.comdddd" from ip 127.0.0.1
- [20-5-2017 21:16:9] Failed to authentificate user "dinath.contact@gmail.comdddd" from ip 127.0.0.1
- $ fail2ban-client status expressjs
- Status for the jail: expressjs
- |- Filter
- | |- Currently failed: 0
- | |- Total failed: 0
- | `- File list: /var/log/expressjs/slowin-killer.log
- `- Actions
- |- Currently banned: 0
- |- Total banned: 0
- `- Banned IP list:
- Running tests
- =============
- Use failregex filter file : expressjs, basedir: /etc/fail2ban
- Use log file : /var/log/expressjs/slowin-killer.log
- Use encoding : UTF-8
- Results
- =======
- Failregex: 27 total
- |- #) [# of hits] regular expression
- | 1) [27] .* from ip <HOST>
- `-
- Ignoreregex: 0 total
- Date template hits:
- |- [# of hits] date format
- | [34] Day(?P<_sep>[-/])Month(?P=_sep)(?:Year|Year2) 24hour:Minute:Second
- | [1] (?:DAY )?MON Day Year 24hour:Minute:Second(?:.Microseconds)?
- `-
- Lines: 162 lines, 0 ignored, 27 matched, 135 missed
- [processed in 0.01 sec]
- Missed line(s): too many to print. Use --print-all-missed to print all 135 lines
- findtime
- time interval (in seconds) before the current time where failures will count towards a ban.
- maxretry
- number of failures that have to occur in the last findtime seconds to ban then IP.
Add Comment
Please, Sign In to add comment
