Is there anything to know about this fail2ban notification? I ask because all my other notifications don’t have this RIPE DB query notification, so i’m wondering if this is something the hacker tried to access?


The IP has just been banned by Fail2Ban after
2 attempts against sshd.

Here is more information about :

% This is the RIPE Database query service.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to ' -'

% Abuse contact for ' -' is ''

inetnum: -
netname:        PLANET-TELECOM-NET
country:        CZ
org:            ORG-PTL7-RIPE
admin-c:        PTN21-RIPE
tech-c:         PTN21-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-END-MNT
mnt-by:         MNT-PLANET-TELECOM
mnt-routes:     MNT-PLANET-TELECOM
mnt-domains:    MNT-PLANET-TELECOM
mnt-routes:     MNT-3W-INFRA
created:        2007-09-18T09:04:58Z
last-modified:  2016-06-03T13:03:33Z
source:         RIPE
sponsoring-org: ORG-NA225-RIPE

organisation:   ORG-PTL7-RIPE
org-name:       Planet Telecom Ltd.
org-type:       OTHER
address:        Sokolovska 395, 186 00 Praha 8, Prague, Czech Republic
abuse-c:        PTN21-RIPE
mnt-ref:        MNT-PLANET-TELECOM
mnt-by:         MNT-PLANET-TELECOM
created:        2007-09-15T14:57:20Z
last-modified:  2016-03-23T09:42:12Z
source:         RIPE # Filtered

role:           Planet Telecom NOC
address:        Sokolovska 395
address:        186 00 Praha 8
address:        Prague
address:        Czech Republic
phone:          +420234262111
nic-hdl:        PTN21-RIPE
mnt-by:         MNT-PLANET-TELECOM
created:        2016-03-15T20:48:44Z
last-modified:  2016-03-23T09:42:33Z
source:         RIPE # Filtered

% Information related to ''

origin:         AS43715
mnt-by:         MNT-PLANET-TELECOM
created:        2016-03-23T09:37:31Z
last-modified:  2016-03-23T09:37:31Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.88.1 (HEREFORD)

Lines containing IP: in /var/log/auth.log

May 18 22:55:29 droplet-1 sshd[6022]: Invalid user 0 from
May 18 22:55:29 droplet-1 sshd[6022]: Connection closed by port 53193 [preauth]
May 18 22:55:31 droplet-1 sshd[6024]: Invalid user 0000 from
May 18 22:55:31 droplet-1 sshd[6024]: Connection closed by port 36185 [preauth]



Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

It’s just information about the IP address. These notifications are pointless.