
Re: fail2ban for apache2



On Saturday 09 November 2019 04:01:32 tomas@tuxteam.de wrote:

> On Sat, Nov 09, 2019 at 03:36:49AM -0500, Gene Heskett wrote:
> > On Saturday 09 November 2019 02:49:16 mett wrote:
> > > On 9 November 2019 16:30:57 JST, Gene Heskett <gheskett@shentel.net> wrote:
> > > >I have a list of ipv4's I want fail2ban to block. But amongst the
> > > >numerous subdirs for fail2ban, I cannot find one that looks suitable to
> > > >put this list of addresses in so they are blocked forever.  Can someone
> > > >more familiar with how fail2ban works give me a hand? These are the ipv4
> > > >addresses of bingbot, semrush, yandex etc etc that are DDOSing me by
> > > >repeatedly downloading my whole site and using up 100% of my upload
> > > >bandwidth.
> > > >
> > > >Thanks all.
> > > >
> > > >Cheers, Gene Heskett
> > > >--
> > > >"There are four boxes to be used in defense of liberty:
> > > > soap, ballot, jury, and ammo. Please use in that order."
> > > >-Ed Howdershelt (Author)
> > > >If we desire respect for the law, we must first make the law
> > > >respectable.
> > > > - Louis D. Brandeis
> > > >Genes Web page <http://geneslinuxbox.net:6309/gene>
> > >
> > > Hi,
> > >
> > > In this case, better to use iptables
> > > directly:
> > >
> > > iptables -I INPUT 14 -s IP.ADD.RE.SS -j DROP
> >
> > root@coyote:action.d$ iptables -I INPUT 14 -s 73.229.203.175 -j DROP
>
>                                           ^^
>
> This "14" is probably the culprit.
>
> > doesn't work gets:
> > iptables: Index of insertion too big.  Even as low as 8
>
> This states at which position in the chain this rule is supposed
> to be inserted at (the "rulenum" in the man page). If you haven't
> an INPUT chain with at least 13 rules already in it (which I don't
> think you have), then the error message makes sense.
>
> For a first experiment, just leave that "14" out (-I doesn't
> require a rule number and inserts, by default, at the beginning,
> which in general makes sense). I'd try instead:
>
>   iptables -I INPUT -s IP.ADD.RE.SS -j DROP
>
I went back to 2, and built back to 10, which got enough of them to get 
some peace from their DDOSing.

> Cheers
> -- t


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
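
Added example (not part of the original thread or written by its posters): the rule-number point from the reply above, as a dry-run shell script. -I accepts positions 1 through (rules in the chain + 1), so it counts the chain's rules from `iptables -S` text, clamps the requested position, and prints one insert per valid, unique address. The function names and the sample data (documentation-range addresses) are constructed for illustration.

```sh
#!/bin/sh
# Dry-run planner: prints iptables commands, never changes the firewall.

# Count rules in `iptables -S CHAIN` text on stdin ("-A" lines only;
# the "-P"/"-N" header line is not a rule).
count_rules() { grep -c '^-A ' || true; }

# Clamp a wanted position to the range -I accepts: 1 .. rules+1.
clamp_rulenum() {
    want=$1; max=$(( $2 + 1 ))
    if [ "$want" -lt 1 ]; then want=1; fi
    if [ "$want" -gt "$max" ]; then want=$max; fi
    echo "$want"
}

# Succeed only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# plan_blocks POSITION RULE_COUNT < address-list
# Skips blanks, "#" comments, invalid entries and duplicates.
plan_blocks() {
    pos=$(clamp_rulenum "$1" "$2")
    seen=" "
    while read -r ip rest; do
        case $ip in ''|'#'*) continue ;; esac
        is_ipv4 "$ip" || { echo "skip: $ip" >&2; continue; }
        case $seen in *" $ip "*) continue ;; esac
        seen="$seen$ip "
        echo "iptables -I INPUT $pos -s $ip -j DROP"
    done
}

# Demo on constructed input: a 2-rule chain and documentation-range addresses.
n_rules=$(printf '%s\n' '-P INPUT ACCEPT' '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -p tcp --dport 22 -j ACCEPT' | count_rules)
printf '%s\n' 198.51.100.7 bogus 203.0.113.9 | plan_blocks 14 "$n_rules"
```

On a live host the rule count would come from `iptables -S INPUT | count_rules`, and the printed commands are reviewed before being run as root.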

