Page tree
Skip to end of metadata
Go to start of metadata

Z-Push has a configuration option called LOGAUTHFAIL, by default set to false (disabled).

To enable it, set this configuration parameter to true

This will cause an additional log entry in WARN level that will be logged to z-push-error.log.


The log message looks like this:

IP: failed to authenticate user ''


For a systemd server, use:

# FILE : /etc/fail2ban/filter.d/z-push.conf
# Fail2Ban configuration file
before = common.conf
# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
failregex = IP: <HOST> failed to authenticate user
ignoreregex =
journalmatch = _SYSTEMD_UNIT=fail2ban.service


No systemd server, remove these two lines: 

journalmatch = _SYSTEMD_UNIT=fail2ban.service


If using ufw as firewall:

# UFW file /etc/fail2ban/action.d/ufw-all.conf
# Fail2Ban configuration file ufw-all.conf 
# We add the rules to ufw for better control and management

actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any
actionunban = ufw delete deny from <ip> to any


This is the actual configuration for fail2ban:

# Jail.local
enabled  = true
port     = http,https
filter   = z-push
banaction = ufw-all
# also enable define('LOGAUTHFAIL', true); in z-push/config.php or /etc/z-push/z-push.conf.php
logpath  = /var/log/z-push/z-push-error.log
maxretry = 3
bantime  = 84600


The above configurations were contributed on 23.03.2016 by thctlo in the forum. Thanks!

  • No labels