
Re: fail2ban for apache2



On Sun 10 Nov 2019 at 11:01:07 +0100, Michael wrote:

> On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote:
> 
> > I was able, with the help of another responder to carve up some iptables
> > rules to stop the DDOS that semrush, yandex, bingbot, and 2 or 3 others
> > were bound to do to me.
> 
> using iptables directly is fine, because you get your results fast, but it
> lacks some advantages over fail2ban, which I think outweigh the simplicity
> of iptables:
> - with iptables you have to scan your log regularly for misbehaving or
> unwanted clients, whereas fail2ban does this automatically, constantly (!),
> and based on rules. from time to time these rules have to be adapted, since
> bots are evolving, but I think it's still less trouble than looking at log
> files every day or so.
> - fail2ban allows you to block only specific ports, in your case maybe 80
> and/or 443 for the web server.
> - you have to remember which ip address you blocked, why and for how long
> you want to block them. fail2ban does that for you.
> - ... (too lazy right now to write more)

This accords with my understanding of fail2ban with exim. I use it to
keep the logs clean and it is very effective. Offenders are banned for
a year, although I do wonder sometimes whether this length of time is
a little over the top. I also wonder whether, as the banned list builds
up, there is a noticeable effect on the machine's resources.

-- 
Brian.
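As an added illustration of the automatic log scanning Michael describes (example code written for this page, not code from the thread or from fail2ban itself), the script below replays constructed Apache access-log lines and applies fail2ban's maxretry/findtime/bantime logic to the crawlers named above, expiring bans so the table does not grow without bound. The user-agent patterns, TEST-NET addresses and thresholds are assumptions; fail2ban's own apache-badbots filter matches on the User-Agent field in the same way.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache combined log format: host ident user [time] "request" status bytes "referer" "agent".
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
# Assumed User-Agent patterns for two crawlers named in the thread.
BAD_BOTS_RE = re.compile(r"SemrushBot|YandexBot", re.IGNORECASE)

# Constructed sample traffic on TEST-NET addresses, not a real log.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Nov/2019:11:00:01 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl)"',
    '192.0.2.9 - - [10/Nov/2019:11:00:03 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/70.0"',
    '203.0.113.7 - - [10/Nov/2019:11:00:05 +0100] "GET /a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl)"',
    '203.0.113.7 - - [10/Nov/2019:11:00:09 +0100] "GET /b HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl)"',
    '198.51.100.2 - - [10/Nov/2019:11:01:00 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; YandexBot/3.0)"',
    '203.0.113.7 - - [10/Nov/2019:12:30:00 +0100] "GET /c HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl)"',
]

def parse_line(line):
    """Return (ip, timestamp, user_agent), or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), m.group(3)

def scan(lines, maxretry=3, findtime=600, bantime=3600):
    """Replay lines in order, fail2ban-style: an IP with maxretry matches inside
    findtime seconds is banned for bantime seconds. Returns (ban_events, active_bans):
    ban_events is [(ip, expiry)], active_bans is {ip: expiry} as of the last line."""
    hits, bans, events = defaultdict(deque), {}, []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, ua = parsed
        # Expire finished bans first so the ban table cannot grow without bound.
        for banned_ip in [b for b, exp in bans.items() if exp <= ts]:
            del bans[banned_ip]
        if ip in bans or not BAD_BOTS_RE.search(ua):
            continue
        window = hits[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:  # drop hits older than findtime
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = ts + timedelta(seconds=bantime)
            events.append((ip, bans[ip]))
            window.clear()
    return events, bans

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Running it with the default one-hour bantime bans 203.0.113.7 at its third hit and has released it again by the 12:30 request; passing bantime=365*24*3600 (a year, as in Brian's setup) keeps that entry in the active table for the whole replay.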

