Hi all,
I always used fail2ban without any problems, today I noticed after an update
that fail2ban is pushing one of my eight core to 100%.

is there someone experiencing this problem?
any idea?

My idea would be to remove fail2ban.

Unless you have password authentication turned on with guessable user names and passwords it doesn't improve security. At best it delays attackers and gives you a false sense of security. If you want to stop password guessing attempts flooding your logs then set up connection rate limiting with iptables. Iptables is fast, kernel level, memory efficient niceness, and doesn't require daemons that go bananas and kill your CPU.

I have password auth on cacti, phpMyAdmin and squirrelmail.
I solved the 100% by forcing logrotate, too many logs to inspect

Bind cacti, phpmyadmin and squirrel mail to localhost and access them over an ssh tunnel. Far more secure

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

I don't need nasa security, I need a secure system only.
Putting squirrelmail or even phpmyadmin accessible only via ssh tunnel is a nonsense.
Webmail is useful if accessible from everywhere using a browser only, phpmyadmin is something similar.

There have been some serious security holes in phpmyadmin that could possibly be used to execute arbitrary php on your server. Phpmyadmin really should not be exposed to the internet, accessing it over a SSH tunnel instead isn't a bad idea. Squirrelmail should be safe as long as you use it over SSL and trust every machine you type your password into.

You know, it may be silly, but I keep all such "fragile" services on SSL, and behind plain ol' .htpasswd.
Just so in order to hit security holes in the app, they first need to also hit a security hole in Apache.

_________________
rsk, providing useless advice on the Internet since 2005.

If you don't like the ideas suggested, at least consider moving the phpmyadmin URL to something less guessable. These instructions might help (it's very easy to do).

deleted

Security is not just for space travel

Given that it's Urban Dictionary, the practice described (while still NSFW) was relatively tame compared to what I was expecting them to come up with for this: