Old 04-05-2009, 12:44 PM   #1
roy-arne
LQ Newbie
 
Registered: Sep 2008
Posts: 26

Rep: Reputation: 15
fail2ban.server : ERROR Unexpected communication error


Hi,
I have a random set port number on my ftp. Still I'm struggling with a very high number of connections against my ftp. They hit every second. I've encrypted my ftp, and no anonymous ftp is allowed. I've enabled iptables and fail2ban. But when I start fail2ban and check the log files it's full of this error:

fail2ban.server : ERROR Unexpected communication error

Has anyone seen that before?
 
Old 04-05-2009, 03:13 PM   #2
roy-arne
LQ Newbie
 
Registered: Sep 2008
Posts: 26

Original Poster
Rep: Reputation: 15
Happy for any suggestions about how to get the hammering on my ftpserver to stop.
 
Old 04-05-2009, 06:45 PM   #3
saman007uk
Member
 
Registered: Dec 2003
Location: ~root
Distribution: Debian
Posts: 363

Rep: Reputation: 32
What do you mean by "encrypted FTP"? Did you mean that you are using SFTP instead?

Are you starting fail2ban as root? Try increasing the loglevel in the fail2ban configuration. That should give you some more information on that error.

To stop the attacks, you could change the port that FTP is listening to. Alternatively, you could use iptables to limit FTP connection rates to no more than 2 in a certain time, say 10 minutes:
Code:
iptables -I INPUT -p tcp --dport 21 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 21 -i eth0 -m state --state NEW -m recent \
  --update --seconds 600 --hitcount 2 -j DROP
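
How the two rules above treat a client that keeps reconnecting, as an added example that is not part of the original thread: a simplified Python model of the iptables `recent` match (per-source timestamps only, no cap on stored entries). The names `RecentList` and `verdicts` and the sample addresses are constructed for illustration.

```python
from collections import defaultdict

DPORT, WINDOW, HITCOUNT = 21, 600, 2   # --dport 21 --seconds 600 --hitcount 2

class RecentList:
    """Simplified model of the default xt_recent list, keyed by source IP."""
    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, src, now):
        # --set: record the packet time. The rule has no -j target, so the
        # packet carries on to the next rule.
        self.stamps[src].append(now)

    def update(self, src, now):
        # --update: match when HITCOUNT or more recorded packets fall inside
        # the last WINDOW seconds; a matching packet is recorded as well.
        recent = [t for t in self.stamps.get(src, []) if now - t <= WINDOW]
        if len(recent) >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False

def verdicts(packets, update_first=True):
    """Verdict for each (time, src, dport) NEW packet.

    update_first=True is the order the two `-I INPUT` commands produce:
    the second insert (--update ... -j DROP) lands above the first (--set).
    """
    table, out = RecentList(), []
    for now, src, dport in packets:
        if dport != DPORT:              # rule does not match other ports
            out.append("PASS")
            continue
        if update_first:
            dropped = table.update(src, now)
            if not dropped:
                table.set(src, now)
        else:
            table.set(src, now)
            dropped = table.update(src, now)
        out.append("DROP" if dropped else "PASS")
    return out

# Constructed traffic: one client retrying every second, then after pauses.
HAMMER = [(t, "203.0.113.7", 21) for t in range(10)] + \
         [(605, "203.0.113.7", 21), (1206, "203.0.113.7", 21)]

if __name__ == "__main__":
    print(verdicts(HAMMER))
    print(verdicts(HAMMER, update_first=False))
```

In this model a dropped packet refreshes the window, so a source that keeps retrying stays blocked until it has been quiet for 600 seconds, and packets to any port other than 21 are never counted.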
 
Old 04-12-2009, 04:22 PM   #4
roy-arne
LQ Newbie
 
Registered: Sep 2008
Posts: 26

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by saman007uk
What do you mean by "encrypted FTP"? Did you mean that you are using SFTP instead?

Are you starting fail2ban as root? Try increasing the loglevel in the fail2ban configuration. That should give you some more information on that error.

To stop the attacks, you could change the port that FTP is listening to. Alternatively, you could use iptables to limit FTP connection rates to no more than 2 in a certain time, say 10 minutes:
Code:
iptables -I INPUT -p tcp --dport 21 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 21 -i eth0 -m state --state NEW -m recent \
  --update --seconds 600 --hitcount 2 -j DROP
With encrypted I mean that I use TLS encryption.

I tried increasing the loglevel, but I got the same error. It did not give me any other hints.

I tried doing what you suggested with iptables. But still there are a lot of connections against me. Why do you think changing the port will help? They are obviously port scanning me?
 
Old 04-12-2009, 04:43 PM   #5
saman007uk
Member
 
Registered: Dec 2003
Location: ~root
Distribution: Debian
Posts: 363

Rep: Reputation: 32
Try reinstalling fail2ban.

If you are getting many connections to FTP, it obviously is not a port scan - since port scans by definition SCAN against a range of ports. What you are describing is a brute force attack.
 
  


Tags
fail2ban, iptables, ubuntu

