How to set up Fail2Ban emails, or stop them?
I just got a notice in PuTTY:
`You have new mail in /var/spool/mail/root`
I opened the file and found many emails that look like this:
```
From root@ZZZZZ.contaboserver.net Fri Sep 4 15:02:36 2020
Return-Path: root@ZZZZZ.contaboserver.net
X-Original-To: root@localhost
Delivered-To: root@localhost.contaboserver.net
Received: by ZZZZZ.contaboserver.net (Postfix, from userid 0)
id D4F896C2B67; Fri, 4 Sep 2020 15:02:36 +0300 (EEST)
Subject: [Fail2Ban] sshd: banned 106.54.123.72 from ZZZZZ.contaboserver.net
Date: Fri, 04 Sep 2020 15:02:36 +0300
From: Fail2Ban root@ZZZZZ.contaboserver.net
To: root@localhost.contaboserver.net
Message-Id: 20200904120236.D4F896C2B67@ZZZZZ.contaboserver.net
Hi,
The IP 106.54.123.72 has just been banned by Fail2Ban after
5 attempts against sshd.
Here is more information about 106.54.123.72 :
missing whois program
Lines containing failures of 106.54.123.72 (max 1000)
Sep 4 14:55:08 ZZZZZ sshd[5104]: Did not receive identification string from 106.54.123.72 port 36324
Sep 4 14:57:55 ZZZZZ sshd[5269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.123.72 user=root
Sep 4 14:57:57 ZZZZZ sshd[5269]: Failed password for root from 106.54.123.72 port 44494 ssh2
Sep 4 14:57:57 ZZZZZ sshd[5269]: Received disconnect from 106.54.123.72 port 44494:11: Bye Bye [preauth]
Sep 4 14:57:57 ZZZZZ sshd[5269]: Disconnected from 106.54.123.72 port 44494 [preauth]
Sep 4 14:59:04 ZZZZZ sshd[5344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.123.72 user=root
Sep 4 14:59:06 ZZZZZ sshd[5344]: Failed password for root from 106.54.123.72 port 35172 ssh2
Sep 4 14:59:06 ZZZZZ sshd[5344]: Received disconnect from 106.54.123.72 port 35172:11: Bye Bye [preauth]
Sep 4 14:59:06 ZZZZZ sshd[5344]: Disconnected from 106.54.123.72 port 35172 [preauth]
Sep 4 15:00:16 ZZZZZ sshd[5420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.123.72 user=root
Sep 4 15:00:17 ZZZZZ sshd[5420]: Failed password for root from 106.54.123.72 port 54086 ssh2
Sep 4 15:00:17 ZZZZZ sshd[5420]: Received disconnect from 106.54.123.72 port 54086:11: Bye Bye [preauth]
Sep 4 15:00:17 ZZZZZ sshd[5420]: Disconnected from 106.54.123.72 port 54086 [preauth]
Sep 4 15:01:25 ZZZZZ sshd[5504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.123.72 user=root
Sep 4 15:01:26 ZZZZZ sshd[5504]: Failed password for root from 106.54.123.72 port 44760 ssh2
Sep 4 15:01:27 ZZZZZ sshd[5504]: Received disconnect from 106.54.123.72 port 44760:11: Bye Bye [preauth]
Sep 4 15:01:27 ZZZZZ sshd[5504]: Disconnected from 106.54.123.72 port 44760 [preauth]
Sep 4 15:02:34 ZZZZZ sshd[5575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.123.72 user=root
Sep 4 15:02:36 ZZZZZ sshd[5575]: Failed password for root from 106.54.123.72 port 35436 ssh2
Sep 4 15:02:36 ZZZZZ sshd[5575]: Received disconnect from 106.54.123.72 port 35436:11: Bye Bye [preauth]
Sep 4 15:02:36 ZZZZZ sshd[5575]: Disconnected from 106.54.123.72 port 35436 [preauth]
Regards,
Fail2Ban
```
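The mail above (ban notice, whois section, matching log lines) is the format produced by Fail2Ban's `action_mwl` action shortcut. As an added example that is not part of the original post, this override either stops the mail or sends it to a mailbox that is read. It assumes the action is set in `[DEFAULT]` rather than in a per-jail section, and the addresses are placeholders.

```ini
# /etc/fail2ban/jail.local
# Local overrides; the packaged jail.conf is left untouched.
# Assumption: no per-jail "action =" line (e.g. under [sshd] or in jail.d/)
# overrides this; if one exists, apply the same change there.

[DEFAULT]

# Option A: ban only, send no mail.
action = %(action_)s

# Option B: keep the notifications but deliver them to a real mailbox
# instead of root@localhost. Comment out Option A and uncomment these.
# destemail and sender are placeholder addresses (constructed for this example).
#   action_mw  = ban + mail with whois report
#   action_mwl = ban + mail with whois report and matching log lines
#                (the format shown in the mail above)
#destemail = admin@example.org
#sender = fail2ban@example.org
#action = %(action_mwl)s
```

Apply the change with `fail2ban-client reload`. Bans continue to be recorded in the Fail2Ban log either way, so turning off the mail does not remove the audit trail.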