Re: fail2ban for apache2

[Gene Heskett <gheskett@shentel.net>]

On Saturday 09 November 2019 08:59:14 Michael wrote:

> > Rather then to use fail2ban for this, I would create un ipset that
> > fail2ban can populate then use that ipset in iptables.
>
> i agree, but:
> > One advantage of this is that you can add/delete ip from the ipset
> > without having to restart fail2ban/iptables.
>
> RTFM
>
> fail2ban allows you to 'unban' an ip address as well:
>     > man fail2ban-client
>
>     set <JAIL> unbanip <IP>
>         manually Unban <IP> in <JAIL>
>
Whats this "jail"? The beginners tut seems to assume we've all had cs101 
thru cs401 and Just Know all the secret handshakes bs already.  Sorry, 
I've been hiding behind dd-wrt for about 2 decades and never had to 
worry about it before.

Besides that the jail.d subdir of the install is empty. No jail.example 
file to give one an inkling of what its supposed to be like.  Theres 
zero tutorial value in that. I was able, with the help of another 
responder to carve up some iptables rules to stop the DDOS that semrush, 
yandex, bingbot, and 2 or 3 others were bound to do to me.

Understand I have no objections to those folks indexing my site so their 
search engines can find stuff, but to just repeatedly download the whole 
thing, copying it forever, reaching into nooks and crannies I don't even 
link to, using all my upload bandwidth for weeks at a time, will bring 
me to battle stations. And we both will suffer because of their poor 
behavior.

> greetings...


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>