Does anybody know if fail2ban-server (which blacklists connections to prevent DDOS attacks) get activated when people enter the wrong password too many times on the ERPNext web interface? Or does it get activated when a ssh connection is attempted?

fail2ban-server ends up occupying close to 100% CPU utilization and makes ERPNext crawl.

The other reason is frappe gunicorn makes the CPU utilization climb up to close to 100%. Anybody know why? And how to manage this?



You can configure which items get “watched”. I think by default SSH is monitored, but you can adjust almost any item in/out of the watchlist(s).

To check enabled jails

sudo fail2ban-client status

In many cases, excessive fail2ban CPU is caused by logrotate problems.

For what its worth…

I had the same problem on a server that was an image mirror of another functional server. I deleted everything in the site_config.json except the db_name and the db_password lines, then executed the following commands:

bench setup nginx
sudo service nginx reload
bench restart

I am not sure why it seemed to work, but fail2ban stopped eating up all my cpu time. I cannot say for sure this was a solution, I just know that when I did this it worked. (v10.0.14) My circumstances were also a bit unique for using a copy of a disk image to get a running system.

Your mileage may vary…

Best not to do such things on a live production server during the business day.