# fail2ban problem: WARNING Unable to find a corresponding IP

## crimson

I use fail2ban and for the most part it works great.  But sometimes I get entries in my log like this that it cannot ban:

2008-08-19 03:17:02,238 fail2ban.filter : WARNING Unable to find a corresponding IP address for mail.mailmax.hu)

Does anyone know how to fix this?  It's annoying because usually I end up with 20-100 attempts by the same address, and they fail to be blocked.

----------

## crimson

OK, so I found out that this problem was occurring when someone would attempt to logon to pure-ftpd server.  

The fix was to make a small change to the /etc/fail2ban/filter.d/pure-ftpd.conf file.  I changed the line:

```
failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
```

to, escaping the ( and ) around HOST.

```
failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$
```

Problem solved.

----------

## Kugar

I had the same problem and your solution solved the ")" problem but now I still have messages like : 

 *Quote:*   

> 2009-07-26 22:04:05,477 fail2ban.filter : WARNING Unable to find a corresponding IP address for ev1s-207-44-234-77.theplanet.com

 

Does someone have and Idea to solve it ?

I don't really know exactly howw fail2ban works but I don't understand why I have these messages as my pure-ftpd logs looks like : 

 *Quote:*   

> Jul 26 22:03:19 area51 pure-ftpd: (?@221.130.193.61) [WARNING] Authentication failed for user [Administrator]

 

----------

