diff --git a/common/defender.go b/common/defender.go
index f064b749..5ddd301c 100644
--- a/common/defender.go
+++ b/common/defender.go
@@ -266,10 +266,12 @@ func (d *memoryDefender) GetHost(ip string) (*DefenderEntry, error) {
 	defer d.RUnlock()
 
 	if banTime, ok := d.banned[ip]; ok {
-		return &DefenderEntry{
-			IP:      ip,
-			BanTime: banTime,
-		}, nil
+		if banTime.After(time.Now()) {
+			return &DefenderEntry{
+				IP:      ip,
+				BanTime: banTime,
+			}, nil
+		}
 	}
 
 	if hs, ok := d.hosts[ip]; ok {
diff --git a/common/defender_test.go b/common/defender_test.go
index d9a4bd13..a03ae2a3 100644
--- a/common/defender_test.go
+++ b/common/defender_test.go
@@ -206,14 +206,14 @@ func TestExpiredHostBans(t *testing.T) {
 	assert.Len(t, res, 0)
 
 	assert.False(t, defender.IsBanned(testIP))
-	entry, err := defender.GetHost(testIP)
-	assert.NoError(t, err)
-	assert.Equal(t, testIP, entry.IP)
-	assert.NotEmpty(t, entry.GetBanTime())
+	_, err = defender.GetHost(testIP)
+	assert.Error(t, err)
+	_, ok := defender.banned[testIP]
+	assert.True(t, ok)
 	// now add an event for an expired banned ip, it should be removed
 	defender.AddEvent(testIP, HostEventLoginFailed)
 	assert.False(t, defender.IsBanned(testIP))
-	entry, err = defender.GetHost(testIP)
+	entry, err := defender.GetHost(testIP)
 	assert.NoError(t, err)
 	assert.Equal(t, testIP, entry.IP)
 	assert.Empty(t, entry.GetBanTime())
@@ -248,7 +248,7 @@ func TestExpiredHostBans(t *testing.T) {
 	assert.Len(t, res, 0)
 	_, err = defender.GetHost(testIP)
 	assert.Error(t, err)
-	_, ok := defender.hosts[testIP]
+	_, ok = defender.hosts[testIP]
 	assert.True(t, ok)
 }