Login attempts are logged in /var/log/ispconfig/auth.log
loglevel in ISPConfig is ERROR

See ISPConfig interface/web/login/index.phpAbout in line 310.

So you can directly create a filter rule in /etc/fail2ban/filter.d/ispconfig.conf with content:

failregex = ^Failed login for user (.*) from at
ignoreregex =

And add a jail to /etc/fail2ban/jail.local

enabled = true
port = http,https,8080
filter = ispconfig
logpath = /var/log/ispconfig/auth.log
maxretry = 3

Test it with:

fail2ban-regex /var/log/ispconfig/auth.log /etc/fail2ban/filter.d/ispconfig.conf

Restart fail2ban service

Solution tested with ISPConfig 3.1.9

myWebmail MXC01 Webmail MXC02 Nic


nic WWW24 - Domain Cloud - Meistbesuchte Domains




dein 24 Stunden Webhost Registries International
  WWW24 Internet Services © 2016/2017 - All Rights Reserved