Fail2ban - Wordpress help

Support
1

My YunoHost server

Hardware: VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / …
YunoHost version: 4.3.3
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:

Description of my issue

On occassion I do a “Diagnosis” on my server just to check all is well and yes everything appears fine.

I have been getting this however on occasion and I’m not to sure where to start:

There’s been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in Security | Yunohost Documentation.

I ssh into my server and ran fail2ban to have a look at the logs with:

sudo tail /var/log/fail2ban.log

The return is the following:

2021-11-20 08:11:14,010 fail2ban.transmitter [505]: WARNING Command [‘start’, ‘wordpress__3’] has failed. Received UnknownJailException(‘wordpress__3’)
2021-11-20 08:11:14,011 fail2ban [505]: ERROR NOK: (‘wordpress__3’,)
2021-11-20 08:11:14,012 fail2ban.transmitter [505]: WARNING Command [‘start’, ‘wordpress__4’] has failed. Received UnknownJailException(‘wordpress__4’)
2021-11-20 08:11:14,012 fail2ban [505]: ERROR NOK: (‘wordpress__4’,)
2021-11-20 08:11:14,013 fail2ban.transmitter [505]: WARNING Command [‘start’, ‘wordpress__5’] has failed. Received UnknownJailException(‘wordpress__5’)
2021-11-20 08:11:14,014 fail2ban [505]: ERROR NOK: (‘wordpress__5’,)
2021-11-20 08:11:14,014 fail2ban.transmitter [505]: WARNING Command [‘start’, ‘wordpress__6’] has failed. Received UnknownJailException(‘wordpress__6’)
2021-11-20 08:11:14,015 fail2ban [505]: ERROR NOK: (‘wordpress__6’,)
2021-11-20 08:11:14,015 fail2ban.transmitter [505]: WARNING Command [‘start’, ‘yunohost’

I’m a bit stuck as there are no ip addresses to unban. All of the websites listed work fine so I’m stuck!

I am ignoring this message but I’m curious to know what’s going on?

Kind regards

dj

2

Uuuuh but is fail2ban running then ?

1 Like
3

@Aleks, hi yes I did

sudo fail2ban-client status

and got back:

Status
|- Number of jail: 0
`- Jail list:

The service is showing as running is the YNH Services. However, the log

/var/log/fail2ban.log

is showing:

> 2021-11-20 08:11:13,975 fail2ban                [505]: ERROR   NOK: ('yunohost',)
> 2021-11-20 08:11:13,975 fail2ban.transmitter    [505]: WARNING Command ['set', 'yunohost', 'addignoreip', '127.0.0.1/8'] has failed. Received UnknownJailException('yunohost')
> 2021-11-20 08:11:13,977 fail2ban                [505]: ERROR   NOK: ('yunohost',)
> 2021-11-20 08:11:13,978 fail2ban.transmitter    [505]: WARNING Command ['set', 'yunohost', 'addaction', 'iptables-multiport'] has failed. Received UnknownJailException('yunohost')
> 2021-11-20 08:11:13,978 fail2ban                [505]: ERROR   NOK: ('yunohost',)
> 2021-11-20 08:11:13,979 fail2ban.transmitter    [505]: WARNING Command ['multi-set', 'yunohost', 'action', 'iptables-multiport', [['actionstart', '<iptables> -N f2b-yunohost\n<iptables> -A f2b-yunohost -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports http,https -j f2b-yunohost'], ['actionstop', '<iptables> -D INPUT -p tcp -m multiport --dports http,https -j f2b-yunohost\n<iptables> -F f2b-yunohost\n<iptables> -X f2b-yunohost'], ['actionflush', '<iptables> -F f2b-yunohost'], ['actioncheck', "<iptables> -n -L INPUT | grep -q 'f2b-yunohost[ \\t]'"], ['actionban', '<iptables> -I f2b-yunohost 1 -s <ip> -j <blocktype>'], ['actionunban', '<iptables> -D f2b-yunohost -s <ip> -j <blocktype>'], ['name', 'yunohost'], ['bantime', '600'], ['port', 'http,https'], ['protocol', 'tcp'], ['chain', 'INPUT'], ['actname', 'iptables-multiport'], ['blocktype', 'REJECT --reject-with icmp-port-unreachable'], ['returntype', 'RETURN'], ['lockingopt', '-w'], ['iptables', 'iptables <lockingopt>'], ['blocktype?family=inet6', 'REJECT --reject-with icmp6-port-unreachable'], ['iptables?family=inet6', 'ip6tables <lockingopt>']]] has failed. Received UnknownJailException('yunohost')
> 2021-11-20 08:11:13,980 fail2ban                [505]: ERROR   NOK: ('yunohost',)
> 2021-11-20 08:11:13,981 fail2ban.transmitter    [505]: WARNING Command ['start', 'sshd'] has failed. Received UnknownJailException('sshd')
> 2021-11-20 08:11:13,982 fail2ban                [505]: ERROR   NOK: ('sshd',)
> 2021-11-20 08:11:13,982 fail2ban.transmitter    [505]: WARNING Command ['start', 'nginx-http-auth'] has failed. Received UnknownJailException('nginx-http-auth')
> 2021-11-20 08:11:13,983 fail2ban                [505]: ERROR   NOK: ('nginx-http-auth',)
> 2021-11-20 08:11:13,984 fail2ban.transmitter    [505]: WARNING Command ['start', 'postfix'] has failed. Received UnknownJailException('postfix')
> 2021-11-20 08:11:13,985 fail2ban                [505]: ERROR   NOK: ('postfix',)
> 2021-11-20 08:11:13,985 fail2ban.transmitter    [505]: WARNING Command ['start', 'dovecot'] has failed. Received UnknownJailException('dovecot')
> 2021-11-20 08:11:13,986 fail2ban                [505]: ERROR   NOK: ('dovecot',)
> 2021-11-20 08:11:13,987 fail2ban.transmitter    [505]: WARNING Command ['start', 'recidive'] has failed. Received UnknownJailException('recidive')
> 2021-11-20 08:11:13,988 fail2ban                [505]: ERROR   NOK: ('recidive',)
> 2021-11-20 08:11:13,989 fail2ban.transmitter    [505]: WARNING Command ['start', 'pam-generic'] has failed. Received UnknownJailException('pam-generic')
> 2021-11-20 08:11:13,989 fail2ban                [505]: ERROR   NOK: ('pam-generic',)
> 2021-11-20 08:11:13,990 fail2ban.transmitter    [505]: WARNING Command ['start', 'nextcloud'] has failed. Received UnknownJailException('nextcloud')
> 2021-11-20 08:11:13,991 fail2ban                [505]: ERROR   NOK: ('nextcloud',)
> 2021-11-20 08:11:13,992 fail2ban.transmitter    [505]: WARNING Command ['start', 'piwigo'] has failed. Received UnknownJailException('piwigo')
> 2021-11-20 08:11:13,995 fail2ban                [505]: ERROR   NOK: ('piwigo',)
> 2021-11-20 08:11:13,996 fail2ban.transmitter    [505]: WARNING Command ['start', 'rainloop'] has failed. Received UnknownJailException('rainloop')
> 2021-11-20 08:11:13,997 fail2ban                [505]: ERROR   NOK: ('rainloop',)
> 2021-11-20 08:11:13,998 fail2ban.transmitter    [505]: WARNING Command ['start', 'rainloop__2'] has failed. Received UnknownJailException('rainloop__2')
> 2021-11-20 08:11:13,999 fail2ban                [505]: ERROR   NOK: ('rainloop__2',)
> 2021-11-20 08:11:14,000 fail2ban.transmitter    [505]: WARNING Command ['start', 'rainloop__3'] has failed. Received UnknownJailException('rainloop__3')
> 2021-11-20 08:11:14,001 fail2ban                [505]: ERROR   NOK: ('rainloop__3',)
> 2021-11-20 08:11:14,002 fail2ban.transmitter    [505]: WARNING Command ['start', 'rainloop__4'] has failed. Received UnknownJailException('rainloop__4')
> 2021-11-20 08:11:14,003 fail2ban                [505]: ERROR   NOK: ('rainloop__4',)
> 2021-11-20 08:11:14,004 fail2ban.transmitter    [505]: WARNING Command ['start', 'rainloop__5'] has failed. Received UnknownJailException('rainloop__5')
> 2021-11-20 08:11:14,005 fail2ban                [505]: ERROR   NOK: ('rainloop__5',)
> 2021-11-20 08:11:14,005 fail2ban.transmitter    [505]: WARNING Command ['start', 'wallabag2'] has failed. Received UnknownJailException('wallabag2')
> 2021-11-20 08:11:14,006 fail2ban                [505]: ERROR   NOK: ('wallabag2',)
> 2021-11-20 08:11:14,007 fail2ban.transmitter    [505]: WARNING Command ['start', 'wordpress'] has failed. Received UnknownJailException('wordpress')
> 2021-11-20 08:11:14,008 fail2ban                [505]: ERROR   NOK: ('wordpress',)
> 2021-11-20 08:11:14,009 fail2ban.transmitter    [505]: WARNING Command ['start', 'wordpress__2'] has failed. Received UnknownJailException('wordpress__2')
> 2021-11-20 08:11:14,010 fail2ban                [505]: ERROR   NOK: ('wordpress__2',)
> 2021-11-20 08:11:14,010 fail2ban.transmitter    [505]: WARNING Command ['start', 'wordpress__3'] has failed. Received UnknownJailException('wordpress__3')
> 2021-11-20 08:11:14,011 fail2ban                [505]: ERROR   NOK: ('wordpress__3',)
> 2021-11-20 08:11:14,012 fail2ban.transmitter    [505]: WARNING Command ['start', 'wordpress__4'] has failed. Received UnknownJailException('wordpress__4')
> 2021-11-20 08:11:14,012 fail2ban                [505]: ERROR   NOK: ('wordpress__4',)
> 2021-11-20 08:11:14,013 fail2ban.transmitter    [505]: WARNING Command ['start', 'wordpress__5'] has failed. Received UnknownJailException('wordpress__5')
> 2021-11-20 08:11:14,014 fail2ban                [505]: ERROR   NOK: ('wordpress__5',)
> 2021-11-20 08:11:14,014 fail2ban.transmitter    [505]: WARNING Command ['start', 'wordpress__6'] has failed. Received UnknownJailException('wordpress__6')
> 2021-11-20 08:11:14,015 fail2ban                [505]: ERROR   NOK: ('wordpress__6',)
> 2021-11-20 08:11:14,015 fail2ban.transmitter    [505]: WARNING Command ['start', 'yunohost'] has failed. Received UnknownJailException('yunohost')
> 2021-11-20 08:11:14,016 fail2ban                [505]: ERROR   NOK: ('yunohost',)
> 2021-11-21 00:00:03,983 fail2ban.server         [505]: INFO    rollover performed on /var/log/fail2ban.log

Which is basically all the apps I run on my server. Everything is working fine, it's just that in diagnostics this error has been appearing for the past 10 days or so. A reboot clears it so it builds up over time.

Any ideas? and thanks again

Best wishes

dj
4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.