
Re: fail2ban for apache2



On Monday 11 November 2019 12:38:09 Greg Wooledge wrote:

> On Mon, Nov 11, 2019 at 12:18:17PM -0500, Gene Heskett wrote:
> > Only one log file seems to have useful data, the "other..." file,
> > and I have posted several single lines here, but here's a  few more:
> >
> > coyote.coyote.den:80 40.94.105.9 - -
> > [11/Nov/2019:12:08:53 -0500] "GET /gene/ HTTP/1.1" 200
> > 5141 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
> > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133
> > Safari/537.36"
> > coyote.coyote.den:80 40.94.105.9 - -
> > [11/Nov/2019:12:08:53 -0500] "GET
> > /gene/pix/EasterSundayCropped2004-1.jpg HTTP/1.1" 200 194478
> > "http://geneslinuxbox.net:6309/gene/" "Mozilla/5.0 (Windows NT 10.0;
> > Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
> > Chrome/57.0.2987.133 Safari/537.36"
> > coyote.coyote.den:80 40.94.105.9 - -
> > [11/Nov/2019:12:08:56 -0500] "GET /favicon.ico HTTP/1.1" 200
> > 1705 "http://geneslinuxbox.net:6309/gene/" "Mozilla/5.0 (Windows NT
> > 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
> > Chrome/57.0.2987.133 Safari/537.36"
> > coyote.coyote.den:80 203.133.169.54 - -
> > [11/Nov/2019:12:10:52 -0500] "GET /robots.txt HTTP/1.1" 200
> > 1092 "-" "Mozilla/5.0 (compatible; Daum/4.1;
> > +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> > coyote.coyote.den:80 203.133.169.54 - -
> > [11/Nov/2019:12:10:53 -0500] "GET
> > /gene/nitros9/level1/d64/modules/sysgo_h0 HTTP/1.1" 200 706 "-"
> > "Mozilla/5.0 (compatible; Daum/4.1;
> > +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> > coyote.coyote.den:80 203.133.169.54 - -
> > [11/Nov/2019:12:10:58 -0500] "GET
> > /gene/nitros9/level1/coco2b/NOS9_6809_L1_coco2b_cocosdc.dsk
> > HTTP/1.1" 200 4718822 "-" "Mozilla/5.0 (compatible; Daum/4.1;
> > +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> > coyote.coyote.den:80 203.133.169.54 - -
> > [11/Nov/2019:12:11:21 -0500] "GET
> > /gene/nitros9/level1/coco2_6309/NOS9_6309_L1_coco2_6309_dw_directmod
> >empak.dsk HTTP/1.1" 200 554724 "-" "Mozilla/5.0 (compatible;
> > Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> > coyote.coyote.den:80 203.133.169.54 - -
> > [11/Nov/2019:12:11:29 -0500] "GET
> > /gene/nitros9/level1/dalpha/modules/defsfile HTTP/1.1" 200 248 "-"
> > "Mozilla/5.0 (compatible; Daum/4.1;
> > +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> > coyote.coyote.den:80 203.133.169.54 - -
> > [11/Nov/2019:12:11:34 -0500] "GET
> > /gene/nitros9/level1/atari/modules/n1_scdwv.dd HTTP/1.1" 200 280 "-"
> > "Mozilla/5.0 (compatible; Daum/4.1;
> > +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> > coyote.coyote.den:80 203.133.169.54 - -
> > [11/Nov/2019:12:11:39 -0500] "GET
> > /gene/nitros9/level1/coco1_6309/bootfiles/bootfile_covga_cocosdc
> > HTTP/1.1" 200 16133 "-" "Mozilla/5.0 (compatible; Daum/4.1;
> > +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
> >
> > I did ask earlier if daum was a bot but no one answered.  They are
> > becoming a mite pesky.
>
> Well, maybe nobody knows.
>
> I went to daum.net in a web browser, and it looks like it's in an
> Asian language.  It also looks like it's selling a bunch of stuff (at
> least, it's laid out the way a retailer's web page is typically laid
> out).
>
> I also went to the URL in your log
> <http://cs.daum.net/faq/15/4118.html?faqId=28966>.  Again, it's in a
> language that I can't read, but it's talking about robots.txt and
> shows an example of how to block them.
>
> So, yes, it's a bot.
>
> Did you not try either of these steps yourself?

I've at least 2 dozen robots.txt, with every known recipe scattered about
including the one they read, and then ignored.  That leaves iptables...
It's working and after several weeks I have some upload bandwidth left.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
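
The pattern described in this message, a crawler that fetches robots.txt and keeps requesting paths anyway, can be checked from the same access log. The following is an added example, not part of the original message: it assumes the vhost_combined layout seen in the quoted lines, a hypothetical Disallow prefix `/gene/nitros9/`, constructed sample lines, and a function name (`robots_violators`) invented here.

```python
import re
from collections import defaultdict

# Apache vhost_combined layout, as in the log lines quoted above:
# vhost:port client ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" \d{3} (?P<bytes>\d+|-) '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

# Assumption: robots.txt disallows this prefix (the file itself is not shown).
DISALLOWED = ("/gene/nitros9/",)

DAUM = "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
# Constructed sample: unwrapped lines modelled on the quoted entries, with
# documentation-range client addresses; the last line is a wrapped fragment.
SAMPLE = [
    'coyote.coyote.den:80 192.0.2.10 - - [11/Nov/2019:12:08:53 -0500] "GET /gene/nitros9/ HTTP/1.1" 200 5141 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    f'coyote.coyote.den:80 198.51.100.7 - - [11/Nov/2019:12:10:52 -0500] "GET /robots.txt HTTP/1.1" 200 1092 "-" "{DAUM}"',
    f'coyote.coyote.den:80 198.51.100.7 - - [11/Nov/2019:12:10:53 -0500] "GET /gene/nitros9/level1/d64/modules/sysgo_h0 HTTP/1.1" 200 706 "-" "{DAUM}"',
    f'coyote.coyote.den:80 198.51.100.7 - - [11/Nov/2019:12:10:58 -0500] "GET /gene/nitros9/level1/coco2b/NOS9_6809_L1_coco2b_cocosdc.dsk HTTP/1.1" 200 4718822 "-" "{DAUM}"',
    'empak.dsk HTTP/1.1" 200 554724 "-" "Mozilla/5.0 (compatible;',
]

def robots_violators(lines, disallowed=DISALLOWED):
    """Return {ip: {"agent", "hits", "bytes"}} for clients that fetched
    /robots.txt and afterwards requested a disallowed path. A client that
    never read robots.txt (a normal browser) is not reported.
    """
    read_robots = set()
    report = defaultdict(lambda: {"agent": "", "hits": 0, "bytes": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip wrapped or malformed lines instead of guessing
        ip, path = m["ip"], m["path"].split("?")[0]
        if path == "/robots.txt":
            read_robots.add(ip)
        elif ip in read_robots and path.startswith(tuple(disallowed)):
            entry = report[ip]
            entry["agent"] = m["agent"]
            entry["hits"] += 1
            entry["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
    return dict(report)

if __name__ == "__main__":
    print(robots_violators(SAMPLE))
```

Log lines are assumed to be in chronological order, as Apache writes them. The returned addresses are candidates for the iptables rules mentioned in the message.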

