-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FR]: qbittorrent-nox #3738
Comments
failregex = ^\(W\)\s*-\s*WebAPI login failure\. Reason: [^,]+(?:, (?!IP:)[^,]+)*, IP:\s*<ADDR>, username:\s*<F-USER>\S*</F-USER> |
Thank you! Just tried it:
Sorry, meant to add, it did not hit.
|
You seem to have fail2ban-regex "$line_or_file" '^\(W\)\s*-\s*WebAPI login failure\. Reason: [^,]+(?:, (?!IP:)[^,]+)*, IP:\s*<ADDR>, username:\s*<F-USER>\S*</F-USER>' |
You sir, are a gentleman and a scholar, I was using the filter file directly but in my haste to try it out I didn't fully delete the old line. That works perfectly. Thank you ever so much. I will submit a PR with the filter included.
|
So this is crazy, my jail is in my first post and here is the test of the filter, specifying the file:
But when I query jail status I get this, and the only reason there is a 1 is because I did
I did 5 failed attempts and qBit auto IP banned me, but that is not a ufw block. The jail is exactly the same as my nextcloud one which works fine. I don't know where to start about debugging this now. Server time is currently 2024-05-06T21:52:56 so these fails are within the find time. |
The reload (or even restart) of jail/fail2ban would not rescan the log - fail2ban knows the last position in the log-file, so after reload it sees only the new messages. You have either to wait for new messages or to produce failures by yourself.
What is "qBit auto"? I don't understand the sentence.
Here is a small FAQ which can help here - https://github.com/fail2ban/fail2ban/wiki/How-fail2ban-works |
Ah, I am an idiot and didn't even think about the |
Nevermind, I am an idiot, I must have added the subnet to the config when I set it up years ago. The entire subnet is indeed in the ignore line in
Sorry for being an idiot and wasting your time, thanks for all you do. If you have a charity you would like me to donate to in exchange for your time spent helping me please let me know. |
Environment:
Service, project or product which log or journal should be monitored
Log or journal information
Any additional information
Relevant lines from monitored log files:
failures in sense of fail2ban filter (fail2ban must match):
I had this a lot tighter, i.e. without such wildcards, but I am trying to make it work at all and cannot and I am losing my mind at this stage.
legitimate messages (fail2ban should not consider as failures):
My existing attempt in /etc/fail2ban/filter.d/qbittorrent.conf
I already have a jail and filter setup, what I cannot understand is why this filter doesn't work. I ran fail2ban-regex -l heavydebug and it ignores all lines in the file but matches the date using the default.
I can make the regext work fine in the regex tools online by removing the ^ and putting something like .* at the start so it matches the full line, I just cannot figure out why it's not working the way the examples show me this should be.
Here is my jail file (even though it's not in use in the fail2ban-regex
The text was updated successfully, but these errors were encountered: