
Re: fail2ban for apache2



> > > I have a list of ipv4's I want fail2ban to block.
> >
> > Not sure that fail2ban is the best tool for the job. Where you already
> > have a list of IPs that you want to block why not just directly create
> > the iptables rules?
> 
> just did that, got most of them but semrush apparently has fallback addys 
> to use.  But I'm no longer being DDOSed, which was the point.  Thanks.

In case it wasn't already clear, what fail2ban does is parse a log file
looking for repeated instances of an invalid login (or whatever).  You
have to tell it what to look for, and what to do about it.

The typical use is with an ssh server, looking for rapid, repeated
login failures.  If enough failed logins occur from a single IP, then
it adds a firewall rule to block that IP address.

Hence "fail 2 ban", i.e. "fail -> ban".

If you already know the IP addresses/ranges that you want to block, you
don't need fail2ban.

But once again, I really think you'd be better served by blocking this
particular bot based on user-agent string, assuming it has an easily
identifiable user-agent in your log files.  That way, when it changes
its IP address, it'll still be blocked.

I *know* I told you to look at your log files, and to turn on user-agent
logging if necessary.

I don't remember seeing you ever *post* your log files here, not even
a single line from a single instance of this bot.  Maybe I missed it.
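The difference described above between count-based banning and user-agent matching, as an added example that is not part of the original message. The log lines are constructed, the `SemrushBot` token is an assumption to confirm against your own logs, and `maxretry`/`findtime` mirror fail2ban's option names:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
BOT_UA = re.compile(r"SemrushBot", re.I)  # assumed token; confirm against your own logs

def parse(line):
    """Return (ip, timestamp, status, user_agent), or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, status, ua = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), int(status), ua

def count_based_bans(lines, is_hit, maxretry=3, findtime=timedelta(seconds=60)):
    """fail2ban-style: ban an IP once it has maxretry hits within findtime."""
    recent, banned = defaultdict(deque), set()
    for rec in filter(None, map(parse, lines)):
        ip, ts, _, _ = rec
        if not is_hit(rec):
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # drop hits older than the window
            window.popleft()
        if len(window) >= maxretry:
            banned.add(ip)
    return banned

def denied_by_user_agent(lines):
    """IPs whose requests a user-agent rule would refuse, whatever their address."""
    return {rec[0] for rec in filter(None, map(parse, lines)) if BOT_UA.search(rec[3])}

def _line(ip, sec, ua):  # builds one constructed sample log line
    return f'{ip} - - [10/Mar/2024:10:00:{sec:02d} +0000] "GET /page HTTP/1.1" 200 512 "-" "{ua}"'

BOT = "Mozilla/5.0 (compatible; SemrushBot)"  # constructed user-agent string
SAMPLE = [_line("203.0.113.7", s, BOT) for s in (1, 2, 3, 4)]            # busy bot address
SAMPLE += [_line("198.51.100.9", 5, BOT), _line("192.0.2.44", 6, BOT)]   # fallback addresses
SAMPLE += [_line("192.0.2.10", s, "Mozilla/5.0 Firefox/123.0") for s in (7, 8, 9)]  # visitor

if __name__ == "__main__":
    is_bot = lambda rec: bool(BOT_UA.search(rec[3]))
    print("count-based bans:", sorted(count_based_bans(SAMPLE, is_bot)))
    print("user-agent match:", sorted(denied_by_user_agent(SAMPLE)))
```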

