Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fail2Ban: login_log filter webmaild

Discussion in 'Security' started by Bouke, Dec 26, 2017.

  1. Bouke

    Bouke Registered

    Joined:
    Dec 26, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    The Netherlands
    cPanel Access Level:
    Root Administrator
    Hello,

    I would like to use a Fail2Ban filter for the cPanel login_log (/usr/local/cpanel/logs).
    Unfortunately I am not experienced with these filters. I can't figure out a working regex for webmaild.

    I would like to filter rules like these:

    [2017-12-26 20:59:45 +0100] info [webmaild] 123.123.123.123 - test2@domain.com "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN webmaild: user password hash is missing from system (user probably does not exist)

    [2017-12-26 21:00:59 +0100] info [webmaild] 123.123.123.123 - test1@domain.com "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN webmaild: user password incorrect

    I am not sure how to write the required failregex lines. I am hoping some could kindly help me, please.
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    577
    Likes Received:
    176
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    cPanelMichael likes this.
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,455
    Likes Received:
    1,608
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I concur with @rpvw. CSF is likely the best approach if you'd like to avoid writing custom rules.

    Thank you.
     
  4. Bouke

    Bouke Registered

    Joined:
    Dec 26, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    The Netherlands
    cPanel Access Level:
    Root Administrator
    Many thanks as this is very helpful. I am surprised that CSF works out of the box (although I have changed some things).
     
Loading...
Similar Threads - Fail2Ban login_log filter
  1. Zabidin
    Replies:
    1
    Views:
    629

Share This Page