
Re: fail2ban for apache2



On Saturday 09 November 2019 02:49:16 mett wrote:

> On 2019年11月9日 16:30:57 JST, Gene Heskett <gheskett@shentel.net> wrote:
> > I have a list of ipv4's I want fail2ban to block. But amongst the
> > numerous subdirs for fail2ban, I cannot find one that looks suitable to
> > put this list of addresses in so they are blocked forever.  Can
> > someone more familiar with how fail2ban works give me a hand?  These
> > are the ipv4 addresses of bingbot, semrush, yandex etc etc that are
> > DDOSing me by repeatedly downloading my whole site and using up 100%
> > of my upload bandwidth.
> >
> > Thanks all.
> >
> > Cheers, Gene Heskett
> > --
> > "There are four boxes to be used in defense of liberty:
> >  soap, ballot, jury, and ammo. Please use in that order."
> > -Ed Howdershelt (Author)
> > If we desire respect for the law, we must first make the law
> > respectable.
> >  - Louis D. Brandeis
> > Genes Web page <http://geneslinuxbox.net:6309/gene>
>
> Hi,
>
> In this case, better to use iptables
> directly:
>
> iptables -I INPUT 14 -s IP.ADD.RE.SS -j DROP
root@coyote:action.d$ iptables -I INPUT 14 -s 73.229.203.175 -j DROP
doesn't work; it gets:
iptables: Index of insertion too big.
Even as low as 8.

> -where I is for "Insert"
> -14 is the line number of insertion
> -where s is for "source"
> -where j is for "jump to"
> -also, u can check current table
>  with line-number by issuing:
>  iptables -L -nv --line-numbers
>
returns:
root@coyote:action.d$ iptables -L -nv --line-numbers
Chain INPUT (policy ACCEPT 15M packets, 186G bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 14M packets, 182G bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain f2b-sshd (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

> u can even script it for availability
> across reboot;

That was automatic the last time I actually used it.

> by the way
> depending debian version,
> iptables might have been
> replaced by nft.

Stretch, still iptables.
And I got it by starting at 2.
>
> hth!
root@coyote:action.d$ iptables -L -nv --line-numbers
Chain INPUT (policy ACCEPT 32 packets, 3143 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
2        0     0 DROP       all  --  *      *       73.229.203.175       0.0.0.0/0
3        0     0 DROP       all  --  *      *       77.88.5.200          0.0.0.0/0
4        0     0 DROP       all  --  *      *       66.249.64.226        0.0.0.0/0
5        0     0 DROP       all  --  *      *       40.77.167.82         0.0.0.0/0
6        0     0 DROP       all  --  *      *       111.225.149.199      0.0.0.0/0
7        0     0 DROP       all  --  *      *       40.77.167.142        0.0.0.0/0
8        0     0 DROP       all  --  *      *       220.243.136.25       0.0.0.0/0
9        0     0 DROP       all  --  *      *       46.229.168.146       0.0.0.0/0
10       0     0 DROP       all  --  *      *       141.8.143.160        0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 28 packets, 1939 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain f2b-sshd (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

That's not all of them, but it's a good start, and I can get lots more IPs from the logs.

Thanks a bunch. Now maybe folks interested in running linuxcnc on an rpi4
can get to a preempt-rt kernel or linuxcnc stuffs to run their machinery with.

One last question: does this take ad.dr.ess.es/24 format, as I can block 4 of
the semrush bots in one swell foop that way?

Thanks a bunch, we got most of them in 10 new lines.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
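The /24 question and the "script it for reboots" hint, worked through as an added example that is not code from this thread: iptables -s accepts CIDR prefixes, and keeping the static blocklist in its own chain (as fail2ban does with f2b-sshd) sidesteps the "Index of insertion too big" error, since the only -I ever needed is at position 1 of INPUT. The chain name BLOCKLIST and the list file path are assumptions; entries in the list are one address or prefix per line.

```shell
#!/bin/sh
# Added example, not code from this thread: keep a static IPv4 blocklist
# (addresses or CIDR prefixes) in its own chain, as fail2ban does with its
# f2b-* chains, so nothing depends on INPUT line numbers.
# Hypothetical names: chain BLOCKLIST, list file /etc/blocklist.txt.
set -f                     # no pathname expansion while splitting entries
CHAIN=${CHAIN:-BLOCKLIST}
IPT=${IPT:-iptables}       # IPT=true gives a dry run without root
# is_ipv4_cidr ADDR: succeed if ADDR is a.b.c.d or a.b.c.d/N with N <= 32.
# The body is a subshell, so changing IFS and "$@" cannot leak out.
is_ipv4_cidr() (
    case $1 in ''|*[!0-9./]*) exit 1;; esac
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        plen=${1#*/}
        case $plen in ''|*/*) exit 1;; esac
        [ "$plen" -le 32 ] || exit 1
    fi
    IFS=.; set -- $addr
    [ $# -eq 4 ] || exit 1
    for o; do [ -n "$o" ] && [ "$o" -le 255 ] || exit 1; done
    exit 0
)
# ensure_chain: create the chain once and hook it at the top of INPUT.
# Position 1 always exists, so -I cannot fail with "Index of insertion too big".
ensure_chain() {
    $IPT -n -L "$CHAIN" >/dev/null 2>&1 || $IPT -N "$CHAIN"
    $IPT -C INPUT -j "$CHAIN" 2>/dev/null || $IPT -I INPUT 1 -j "$CHAIN"
}
# block ADDR: append a DROP for ADDR unless that rule is already present.
# -s accepts CIDR, so 46.229.168.0/24 covers the whole /24 in one rule.
block() {
    is_ipv4_cidr "$1" || { echo "skip invalid entry: $1" >&2; return 1; }
    $IPT -C "$CHAIN" -s "$1" -j DROP 2>/dev/null && return 0
    $IPT -A "$CHAIN" -s "$1" -j DROP
}
# load_file FILE: one entry per line, '#' comments and blank lines allowed;
# prints how many entries were accepted.
load_file() {
    file=$1 count=0
    ensure_chain
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        set -- $line               # also trims surrounding whitespace
        [ $# -eq 0 ] && continue
        block "$1" && count=$((count + 1))
    done < "$file"
    echo "$count"
}
if [ -n "${1:-}" ]; then load_file "$1"; fi
```

Run it as `sh blocklist.sh /etc/blocklist.txt` after each edit of the list; on Debian with the iptables-persistent package, `iptables-save > /etc/iptables/rules.v4` then keeps the chain across reboots.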