Kern.log peer unexpectedly shrunk window

If you get this kind of error :

Dec  8 13:35:18  kernel: [6114223.972059] Peer  unexpectedly shrunk window 3517493258:3517493263 (repaired)
Dec  8 13:35:20  kernel: [6114225.860020] Peer  unexpectedly shrunk window 4250428389:4250428394 (repaired)

It means that some hackers have been able to login into your server through an exploit or a backdoor. You have to add a jail to Fail2Ban. Setup Fail2Ban if it is not yet already done.

Create shrunk-window.conf :

nano /etc/fail2ban/filter.d/shrunk-window.conf

Add :

[Definition]
failregex = ^.*Peer \:.* unexpectedly shrunk window.*repaired+
ignoreregex =
nano /etc/fail2ban/jail.conf

Add :

[shrunk-window]
enabled = true
filter = shrunk-window
logpath = /var/log/kern.log
port = all
maxretry = 1

The same with jail.local :

nano /etc/fail2ban/jail.local

Add :

[shrunk-window]
enabled = true
filter = shrunk-window
logpath = /var/log/kern.log
port = all
maxretry = 1

Restart Fail2Ban :

/etc/init.d/fail2ban restart