Locked out of server

Hey, I know this is silly but I locked myself out of my server by entering wrong user/pass several times. Once I used to know where to disable the blocking or whitelist my client IP, but now I don’t know.

Help pleeeez? :slight_smile:

TIA

fail2ban in action. If you have no physical access, you can wait for the blocking period to expire or connect from a different IP address.

2 Likes

:slight_smile:

Thanks

Yep. Thanks. Luckily I am playing with a Contabo VPS that comes with VNC console access by default too.

2 Likes

You can use an incremental ban time instead of recidive. I set a ban time of a few minutes, and with each bad attempt the ban time is x2.

An attacker will be banned quickly for a long time, but your users won’t be locked out for too long.

2 Likes

Thanks Stéphane!

2 Likes

Many thanks!

1 Like

I had this a few times myself. Luckily I could fix it using my mobile connection. And now I have a permanent IP address at home so I can whitelist that IP address for F2B.

1 Like

I also use whitelisting because one of my clients within my LAN, connected to the internet by the same WAN-IP, hammers against fail2ban. How can I identify which client it is?
Sincerely, Marko

Hi Marko,

I think if you enable “Allow bans on the LAN” for a while, you will identify the client’s IP.

BR,
Gabriel

Yes, but only the WAN-IP is logged. My question is how I can identify the single problem client behind the one-for-all WAN-IP.

When I installed F2B for the first time, I also enabled this option and, if I remember well, the banned LAN IPs were in the list with banned IPs from the Unban section. But maybe I’m wrong.

Maybe @stephdl will tell us the right way to solve your problem.

If you use NethServer inside a LAN, no problem; not as Root server via external data center.

1 Like

You are right!
At that time, my NS was also installed as a GW.

Sorry, I’m not sure I understand. Everything is logged to /var/log/fail2ban.log. Maybe if he is behind a gateway you cannot determine what the IP is, but if you can figure out which jail has banned your client, you can check in the log of the relevant application what the login of your users is.

E.g.: if the SOGo jail has banned your client, you can check in the SOGo log which login is triggering the SOGo jail.

2 Likes
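The lookup described in the post above, as an added example that is not part of the original thread: it reads fail2ban.log, finds which jail banned a given IP, and returns the timestamps of the failures that led to the ban, so they can be looked up in that application's own log. It assumes the default fail2ban.log line layout; the sample lines are constructed and the function names are hypothetical.

```python
import re
import sys
from collections import defaultdict

# Constructed sample lines in the default fail2ban.log layout (assumption).
SAMPLE_LOG = """\
2019-03-04 09:12:01,114 fail2ban.filter  [1432]: INFO    [sogo] Found 203.0.113.7
2019-03-04 09:12:31,530 fail2ban.filter  [1432]: INFO    [sogo] Found 203.0.113.7
2019-03-04 09:13:02,902 fail2ban.filter  [1432]: INFO    [sogo] Found 203.0.113.7
2019-03-04 09:13:03,210 fail2ban.actions [1432]: NOTICE  [sogo] Ban 203.0.113.7
2019-03-04 09:20:44,018 fail2ban.filter  [1432]: INFO    [sshd] Found 198.51.100.23
2019-03-04 09:23:03,655 fail2ban.actions [1432]: NOTICE  [sogo] Unban 203.0.113.7
"""

# timestamp, logger name, pid, level, [jail], event, IP
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+"
    r"\w+\s+\[(?P<jail>[^\]]+)\]\s+(?:Restore )?(?P<event>Found|Ban|Unban)\s+(?P<ip>\S+)"
)


def jail_activity(log_text, ip):
    """Return {jail: {"Found": [ts], "Ban": [ts], "Unban": [ts]}} for one IP."""
    out = defaultdict(lambda: {"Found": [], "Ban": [], "Unban": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["ip"] == ip:
            out[m["jail"]][m["event"]].append(m["ts"])
    return dict(out)


def banning_jails(log_text, ip):
    """Jails that actually banned the IP, mapped to the failure timestamps."""
    return {jail: ev["Found"]
            for jail, ev in jail_activity(log_text, ip).items() if ev["Ban"]}


if __name__ == "__main__":
    # Usage: script.py <ip> [logfile]; without a logfile the sample is used.
    ip = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.7"
    text = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_LOG
    for jail, stamps in banning_jails(text, ip).items():
        print(f"{jail}: failures at {', '.join(stamps)}")
```
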

So… time for a “Fail2Ban For Dummies” topic.
Where a sysadmin can evaluate, test and assess the “desired” Fail2Ban behavior, including some crash test procedures and some… (sort of) backdoor/unlock procedures creation and test.

A good way to find in the log what has matched is fail2ban-regex:

fail2ban-regex /path/2/log /etc/fail2ban/filter.d/myFilter.conf --print-all-matched

Yes, I use that. But I always get the WAN-IP.
I think I need an analysis strategy to find the single client in my LAN that triggers fail2ban.