Fail2ban

Fail2ban is free software that limits massive numbers of connection attempts. In MaadiX it is installed by default. Its basic function is to prevent intrusions that may come from brute force attacks (attacks that test thousands of connection attempts to try to find a valid user/password combination).

It works as follows: when there are a certain number of unsuccessful attempts to access the server, fail2ban blocks the IP address from which access is attempted.

In MaadiX, fail2ban is activated for the following services:

  • apache: the web server for web applications such as Nextcloud, Discourse, etc.

  • sshd: the protocol for remote and secure communication with our server to access the command line.

  • ssh-ddos: specific implementation of ssh to protect the server from distributed denial of service attacks (DDoS).

  • dovecot: IMAP/POP3 server to connect to the email accounts.

  • mxcp: the MaadiX graphical interface (The Control Panel).

  • sasl: security framework installed on the server to synchronize and authenticate connection and authentication protocols.

In fail2ban, the protection for each of these services is called a jail.

Unlocking an IP

It may happen that a person repeatedly enters the wrong password when trying to access a service, and fail2ban blocks them. The block lasts 12h, except for the control panel, where it lasts only 1h.

When this happens (and you don’t want to wait 12h to recover access), you will have to enter the server via SSH to unblock the IP address that has been blocked.

You will need to run commands that require system administration permissions, so you will need to log in with the Superuser account:

ssh superuser@servername.maadix.net

Note: If it is your own IP that is blocked, you will not be able to access the server; it will return a “Connection Refused” error. We recommend connecting through a VPN, a different network, or a cell phone data connection, so that you can log in from an IP other than the one that is blocked.

If you use the VPN connection of the same MaadiX server you want to access, the way to bypass the block is to connect using the IP of the OpenVPN server with the following command:

ssh username@10.8.0.1

To unblock an IP we must first find out which IP is blocked. You can search for “what is my ip” in any search engine; hundreds of results will show the IP address of your connection (for example https://cualesmiip.com).

All the people in the same office or home who are connected to the same router reach the Internet with the same IP (public IP), so a whole office or home can be denied access to the server (or any of its services).

Once we know the blocked IP, it can be unblocked with the following command:

sudo fail2ban-client set <JAIL> unbanip <IP_TO_UNBLOCK>

Here are some examples that unblock the IP 4.4.4.4:

  • For SSH and SFTP connections:

sudo fail2ban-client set sshd unbanip 4.4.4.4

  • For Nextcloud, Owncloud, Rainloop (webmail) or any other application that works over Apache:

sudo fail2ban-client set apache unbanip 4.4.4.4

  • For the control panel:

sudo fail2ban-client set mxcp unbanip 4.4.4.4

  • For IMAP and POP3 (access to e-mails):

sudo fail2ban-client set dovecot unbanip 4.4.4.4

  • For SMTP (sending e-mails):

sudo fail2ban-client set sasl unbanip 4.4.4.4

The jails enabled by default in MaadiX are: sshd, ssh-ddos, apache, dovecot, mxcp and sasl.

To check the status of a specific jail and see which IPs it has blocked, you can run this command:

sudo fail2ban-client status <JAIL>

To see the general status of fail2ban and the list of active jails, you can run this command:

sudo fail2ban-client status
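
When you do not know which jail blocked an address, the status and unbanip commands can be combined. The script below is an added example, not part of MaadiX or fail2ban; its function names and the F2B variable are assumptions of this example, and it relies on the "Jail list:" and "Banned IP list:" lines that fail2ban-client status prints.

```shell
#!/bin/sh
# Added example: find every jail that currently bans an IP and unban it there.
# F2B is a variable of this example only; override it to run without sudo.
F2B="${F2B:-sudo fail2ban-client}"

# Read `fail2ban-client status` output on stdin, print one jail name per line.
list_jails() {
    sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' | tr -d ' \t' | sed '/^$/d'
}

# Read `fail2ban-client status <JAIL>` output on stdin; succeed if IP $1 is banned.
# grep -Fx compares whole entries, so 4.4.4.4 does not match 14.4.4.4 or 4.4.4.40.
is_banned() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr ' ' '\n' | grep -Fxq -- "$1"
}

# Print the name of each jail that currently bans IP $1.
jails_banning() {
    $F2B status | list_jails | while read -r jail; do
        if $F2B status "$jail" </dev/null | is_banned "$1"; then
            echo "$jail"
        fi
    done
}

# Unban IP $1 in every jail that bans it, and in no other jail.
unban_everywhere() {
    jails_banning "$1" | while read -r jail; do
        $F2B set "$jail" unbanip "$1" </dev/null
    done
}

# Run only when an IP is given on the command line, e.g.: sh unban.sh 4.4.4.4
if [ "$#" -eq 1 ]; then
    unban_everywhere "$1"
fi
```

After running it, sudo fail2ban-client status <JAIL> should no longer list the address for any jail.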

You can check fail2ban logs at: /var/log/fail2ban.log

If you want to investigate more about fail2ban, you can visit the official Fail2ban website.