Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation
Reload this Page Need fail2ban regex for apache with ISPConfig
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th March 2007, 11:47
AlArenal AlArenal is offline
Senior Member
  
Join Date: Feb 2007
Location: Germany
Posts: 104
Thanks: 1
Thanked 4 Times in 4 Posts
Exclamation Need fail2ban regex for apache with ISPConfig
I have the following situation:
On some days Trackback-Spambots target one of my websites and with their post-requests create gigabytes of incoming (!) traffic on a single day (I measured up to 9.3 GB by now). I habe fail2ban installed and want it to ban the corresponding ips, but unfortunately I don't know much about regular expressions and because I use ISPConfig on my server, my apache's log files don't have the standard format.

This is ISPConfig's apache2 log format:
LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig

This is an example entry in the log. To-be-blocked entries can be recognized by the UserAgent "TrackBack/1.02":
www.mydomain.tld||||459||||123.123.123.123 - - [05/Mar/2007:14:39:21 +0100] "POST /123.html/trackback/ HTTP/1.0" 301 459 "http://www.mydomain.tld/123.html/trackback" "TrackBack/1.02"

The fail2ban apache documentation is very short:
http://www.fail2ban.org/wiki/index.php/Apache

Once a solution has been found, I'm going to update some blog and wiki entries to provide it to the community.

Regards,
al
Reply With Quote
Sponsored Links
  #2  
Old 7th March 2007, 18:33
falko falko is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,685
Thanks: 1,899
Thanked 2,600 Times in 2,449 Posts
Default
Quote:
Originally Posted by AlArenal
The fail2ban apache documentation is very short:
http://www.fail2ban.org/wiki/index.php/Apache
The documentation is referring to Apache's error log, not the access log. The error log format isn't changed by ISPConfig, so you shouldn't have any problems using fail2ban.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 7th March 2007, 20:37
AlArenal AlArenal is offline
Senior Member
  
Join Date: Feb 2007
Location: Germany
Posts: 104
Thanks: 1
Thanked 4 Times in 4 Posts
Default
That's because fail2ban as default config tries to ban ips from which failed login requests came whereas I want to ban spambots which do not produce errors. Or do you mean I should rewrite my .htaccess to raise an error for that particular user agent? Haven't looked at the documentation whether that is possible...

Another idea is to install mod_security and let fail2ban observe this log instead. I found some references on the web and will post an update once I got it up and running.

Stay tuned...
Reply With Quote
  #4  
Old 19th May 2008, 21:44
ts-onlyfree ts-onlyfree is offline
Junior Member
  
Join Date: May 2008
Posts: 2
Thanks: 0
Thanked 2 Times in 1 Post
 
Default ispconfig access log and fail2ban
i got it working with "/var/log/httpd/ispconfig_access_log"

Code:
failregex =  www\.ts-onlyfree\.org\|\|\|\|\d*\|\|\|\|<HOST> -.*"GET \/w00tw00t\.at\.ISC\.SANS\.DFind\:\).*".*
Last edited by ts-onlyfree; 22nd May 2008 at 19:39.
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPconfig after installation cannot reach www.xyz.de:81 Figth4Linux Installation/Configuration 23 6th March 2008 22:38
ISPConfig Roadmap till Developers' Forum 26 10th June 2007 22:38
fastcgi and php with ispconfig tosser Tips/Tricks/Mods 3 25th June 2006 21:01
ISPConfig 2.3.1-dev released till General 0 8th May 2006 22:18
SP-Server Setup - Ubuntu 5.10 "Breezy Badger" - Page 6 (changes) LuisC-SM HOWTO-Related Questions 0 21st April 2006 15:16


All times are GMT +2. The time now is 07:44.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.