Re: fail2ban for apache2
On Saturday 09 November 2019 03:36:49 john doe wrote:
> On 11/9/2019 8:30 AM, Gene Heskett wrote:
> > I have a list of ipv4's I want fail2ban to block. But amongst the
> > numerous subdirs for fail2ban, I cannot find one that looks suitable
> > to put this list of addresses in so the are blocked forever. Can
> > someone more familiar with how fail2ban works give me a hand? These
> > are the ipv4 addresses of bingbot, semrush, yandex etc etc that are
> > DDOSing me by repeatedly downloading my whole site and using up 100%
> > of my upload bandwidth.
> >
> > Thanks all.
> >
> > Cheers, Gene Heskett
>
> Rather then to use fail2ban for this, I would create un ipset that
> fail2ban can populate then use that ipset in iptables.
>
> One advantage of this is that you can add/delete ip from the ipset
> without having to restart fail2ban/iptables.
I've done that with the help of a previous responder and now have 99% of
the pigs that ignore my robots.txt blocked. semrush is extremely
determined and has switched to a 4th address I've not seen before, but
is no longer DDOSing my site.
Thanks John
> --
> John Doe
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
Reply to: