
Re: fail2ban for apache2



On Saturday 09 November 2019 15:07:51 mick crane wrote:

> On 2019-11-09 18:01, Gene Heskett wrote:
> > On Saturday 09 November 2019 08:59:14 Michael wrote:
> >> > Rather than to use fail2ban for this, I would create an ipset
> >> > that fail2ban can populate then use that ipset in iptables.
> >>
> >> i agree, but:
> >> > One advantage of this is that you can add/delete ip from the
> >> > ipset without having to restart fail2ban/iptables.
> >>
> >> RTFM
> >>
> >> fail2ban allows you to 'unban' an ip address as well:
> >>     > man fail2ban-client
> >>
> >>     set <JAIL> unbanip <IP>
> >>         manually Unban <IP> in <JAIL>
> >
> > What's this "jail"? The beginners tut seems to assume we've all had
> > cs101 thru cs401 and Just Know all the secret handshakes bs already.
> > Sorry, I've been hiding behind dd-wrt for about 2 decades and never
> > had to worry about it before.
> >
> > Besides that the jail.d subdir of the install is empty. No
> > jail.example file to give one an inkling of what it's supposed to be
> > like.  There's zero tutorial value in that. I was able, with the help
> > of another responder to carve up some iptables rules to stop the
> > DDOS that semrush, yandex, bingbot, and 2 or 3 others were bound to
> > do to me.
> >
> > Understand I have no objections to those folks indexing my site so
> > their search engines can find stuff, but to just repeatedly download
> > the whole thing, copying it forever, reaching into nooks and crannies
> > I don't even link to, using all my upload bandwidth for weeks at a
> > time, will bring me to battle stations. And we both will suffer
> > because of their poor behavior.
> >
> >> greetings...
> >
> > Cheers, Gene Heskett
>
> I like Gene, he is trying to make something work.

Something I have been extraordinarily good in the electronics field
since quitting school early in my freshman year to go fix tv's for a 
living in '48. 100% self educated, I have taught more school than I have 
attended as a student since. I know the physics behind the electronics 
and can be a decent mechanic, my interests are best described as 
eclectic.

Finishing my working time out as the CE at a tv station here in WV, 18 
years occasionally behind an office door, but 98% of the time fixing 
what news could tear up, or keeping an old GE transmitter making a 
better pix than it did new. For lots longer at a time too.

> When all this stuff started there seemed to be some sort of logic to
> it and I can't say I understood much of it but the thing seems to be
> now that there seems to be layers and layers of obscurity which makes
> it trickier to figure out what is going on.
> mick

To help clarify that, fail2ban has been stopped and the battle is now 
being waged with iptables only. And I have about got the bots locked 
out.

I just shut down someone pulling a linuxcnc stretch based install .iso 
because I know for a fact that my copy is now old, they should be 
getting that from wiki.linuxcnc.org to get a link to the latest.

So I just nuked that and 2 or 3 other instances of outdated stuff.  No 
sense spreading old code.

Does that clarify things any?

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

