Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th September 2012, 10:16
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 128
Thanks: 23
Thanked 11 Times in 9 Posts
Angry Fail2Ban Apache bad_bot filter

Hi,
On my Ubuntu 10.04 64 bit server, I found that there was a filter bad_bot inside fail2ban filter directory. However, there is no command line about this inside the jail.local file.

Does anyone know how to use this bad_bot filter? This filter should have relationship with China bad/malicious search engines. We should watch out for this.
Reply With Quote
Sponsored Links
  #2  
Old 19th September 2012, 10:22
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 128
Thanks: 23
Thanked 11 Times in 9 Posts
Talking

Hey!

I have found the answer by myself!


[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
logpath = /var/log/apache*/*access.log
maxretry = 2


http://edin.no-ip.com/blog/hswong3i/...pache-fail2ban
Reply With Quote
  #3  
Old 19th September 2012, 10:25
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 128
Thanks: 23
Thanked 11 Times in 9 Posts
Default

and also fail2ban filters update:


https://github.com/fail2ban/fail2ban...onfig/filter.d
Reply With Quote
  #4  
Old 8th October 2012, 07:39
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 128
Thanks: 23
Thanked 11 Times in 9 Posts
Red face

2 more useful fail2ban filters for http access:



[apache-nohome]
enabled = true
port = http,https
filter = apache-nohome
logpath = /var/log/apache*/*error.log
maxretry = 2


[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
logpath = /var/log/apache*/*access.log
maxretry = 1
Reply With Quote
  #5  
Old 24th November 2012, 16:30
concept21 concept21 is offline
Senior Member
 
Join Date: Dec 2011
Posts: 128
Thanks: 23
Thanked 11 Times in 9 Posts
 
Exclamation

According to my statistics, hackers are very active on courierauth.
Attached Images
 
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
sessions not being saved gavimobile General 6 15th January 2012 15:05
fail2ban is doing nothing? rlischer Server Operation 16 29th June 2010 07:29
ISP Config hesitation when opening web pages frankb Installation/Configuration 7 15th December 2008 13:06
network issues now it says "401 The web site is blocked by administrator" Check General 3 26th February 2008 14:22
Apache2 Freezes celtic Server Operation 31 28th May 2007 17:18


All times are GMT +2. The time now is 07:22.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.