Good morning,
I'm an amateur with linux and toy around with a VPS for a few years now. I've
used Fail2ban to help protect it and have for many years. I've never had this
issue before, but now all my emails sent about blocks have the wrong hostname
in the subject line. Right now running the latest ubuntu.
The issue my domain name is abc.com so before around early March I would see an
email subject line similar to the below:
[Fail2Ban] sshd: banned xxx.xxx.xx.xxx from abc.com
*NOW*
[Fail2Ban] sshd: banned xxx.xxx.xx.xxx from xyz.com
This coincided when I did an apt-get update/upgrade around early March, which I
believe updated my Fail2Ban as well. I dont believe this changed my
personalized settings and I checked and dont recall anything out place.
Ironically enough, this only happens on my SSHD alerts, I just noticed that i
have recent apache alerts that have the correct domain in the subject line.
I've searched the entire filesystem for xyz.com and cant find any trace of it
in anything. I've run linux security scanners to check no malware/hack. Just
odd.
The next strange thing is I opened a ticket with my VPS host and they indicated
they didn't see anything wrong as my headers were showing the correct hostname,
and their info showed the correct hostname, but this new hostname that started
showing up was the *HOSTNAME FROM THE CUSTOMER THAT WAS ON THE VPS BEFORE ME*
Strange right?
Any ideas?
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
