Software: nginx/1.23.4. PHP/5.6.40-65+ubuntu20.04.1+deb.sury.org+1 

uname -a: Linux foro-restaurado-2 5.15.0-1040-oracle #46-Ubuntu SMP Fri Jul 14 21:47:21 UTC 2023
aarch64 

uid=33(www-data) gid=33(www-data) groups=33(www-data) 

Safe-mode: OFF (not secure)

/etc/fail2ban/filter.d/   drwxr-xr-x
Free 82.98 GB of 96.73 GB (85.79%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    

Viewing file:     recidive.conf (1.34 KB)      -rw-r--r--

# Fail2Ban filter for repeat bans
#
# This filter monitors the fail2ban log file, and enables you to add long 
# time bans for ip addresses that get banned by fail2ban multiple times.
#
# Reasons to use this: block very persistent attackers for a longer time, 
# stop receiving email notifications about the same attacker over and 
# over again.
#
# This jail is only useful if you set the 'findtime' and 'bantime' parameters 
# in jail.conf to a higher value than the other jails. Also, this jail has its
# drawbacks, namely in that it works only with iptables, or if you use a 
# different blocking mechanism for this jail versus others (e.g. hostsdeny 
# for most jails, and shorewall for this one).

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = (?:fail2ban(?:-server|\.actions)\s*)

# The name of the jail that this filter is used for. In jail.conf, name the jail using
# this filter 'recidive', or supply another name with `filter = recidive[_jailname="jail"]`
_jailname = recidive

failregex = ^%(__prefix_line)s(?:\s*fail2ban\.actions\s*%(__pid_re)s?:\s+)?NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$

datepattern = ^{DATE}

ignoreregex = 

journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5

# Author: Tom Hendrikx, modifications by Amir Caspi