Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 6th March 2007, 11:47
AlArenal AlArenal is offline
Senior Member
Join Date: Feb 2007
Location: Germany
Posts: 104
Thanks: 1
Thanked 5 Times in 5 Posts
Exclamation Need fail2ban regex for apache with ISPConfig

I have the following situation:
On some days Trackback-Spambots target one of my websites and with their post-requests create gigabytes of incoming (!) traffic on a single day (I measured up to 9.3 GB by now). I habe fail2ban installed and want it to ban the corresponding ips, but unfortunately I don't know much about regular expressions and because I use ISPConfig on my server, my apache's log files don't have the standard format.

This is ISPConfig's apache2 log format:
LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig

This is an example entry in the log. To-be-blocked entries can be recognized by the UserAgent "TrackBack/1.02":
www.mydomain.tld||||459|||| - - [05/Mar/2007:14:39:21 +0100] "POST /123.html/trackback/ HTTP/1.0" 301 459 "http://www.mydomain.tld/123.html/trackback" "TrackBack/1.02"

The fail2ban apache documentation is very short:

Once a solution has been found, I'm going to update some blog and wiki entries to provide it to the community.

Reply With Quote
Sponsored Links
Old 7th March 2007, 18:33
falko falko is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts

Originally Posted by AlArenal
The fail2ban apache documentation is very short:
The documentation is referring to Apache's error log, not the access log. The error log format isn't changed by ISPConfig, so you shouldn't have any problems using fail2ban.
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Old 7th March 2007, 20:37
AlArenal AlArenal is offline
Senior Member
Join Date: Feb 2007
Location: Germany
Posts: 104
Thanks: 1
Thanked 5 Times in 5 Posts

That's because fail2ban as default config tries to ban ips from which failed login requests came whereas I want to ban spambots which do not produce errors. Or do you mean I should rewrite my .htaccess to raise an error for that particular user agent? Haven't looked at the documentation whether that is possible...

Another idea is to install mod_security and let fail2ban observe this log instead. I found some references on the web and will post an update once I got it up and running.

Stay tuned...
Reply With Quote
Old 19th May 2008, 21:44
ts-onlyfree ts-onlyfree is offline
Junior Member
Join Date: May 2008
Posts: 2
Thanks: 0
Thanked 2 Times in 1 Post
Default ispconfig access log and fail2ban

i got it working with "/var/log/httpd/ispconfig_access_log"

failregex =  www\.ts-onlyfree\.org\|\|\|\|\d*\|\|\|\|<HOST> -.*"GET \/w00tw00t\.at\.ISC\.SANS\.DFind\:\).*".*

Last edited by ts-onlyfree; 22nd May 2008 at 19:39.
Reply With Quote
Old 19th June 2013, 22:26
marko marko is offline
Junior Member
Join Date: Oct 2011
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default Separate error.log files

Hi everybody,
I want to monitore error.log files with fail2ban for every website on the server.

each one is in /var/www/RandomName/log/error.log

any ideas?

thank you.
Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPconfig after installation cannot reach www.xyz.de:81 Figth4Linux Installation/Configuration 23 6th March 2008 22:38
ISPConfig Roadmap till Developers' Forum 26 10th June 2007 22:38
fastcgi and php with ispconfig tosser Tips/Tricks/Mods 3 25th June 2006 21:01
ISPConfig 2.3.1-dev released till General 0 8th May 2006 22:18
SP-Server Setup - Ubuntu 5.10 "Breezy Badger" - Page 6 (changes) LuisC-SM HOWTO-Related Questions 0 21st April 2006 15:16

All times are GMT +2. The time now is 07:53.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.