
Re: fail2ban for apache2



On 11/9/2019 2:43 PM, Gene Heskett wrote:
> On Saturday 09 November 2019 03:36:49 john doe wrote:
>
>> On 11/9/2019 8:30 AM, Gene Heskett wrote:
>>> I have a list of ipv4's I want fail2ban to block. But amongst the
>>> numerous subdirs for fail2ban, I cannot find one that looks suitable
>>> to put this list of addresses in so they are blocked forever.  Can
>>> someone more familiar with how fail2ban works give me a hand?  These
>>> are the ipv4 addresses of bingbot, semrush, yandex etc etc that are
>>> DDOSing me by repeatedly downloading my whole site and using up 100%
>>> of my upload bandwidth.
>>>
>>> Thanks all.
>>>
>>> Cheers, Gene Heskett
>>
>> Rather than use fail2ban for this, I would create an ipset that
>> fail2ban can populate then use that ipset in iptables.
>>
>> One advantage of this is that you can add/delete ip from the ipset
>> without having to restart fail2ban/iptables.
>
> I've done that with the help of a previous responder and now have 99% of
> the pigs that ignore my robots.txt blocked. semrush is extremely
> determined and has switched to a 4th address I've not seen before, but
> is no longer DDOSing my site.
>

Then, I don't understand your question, if you have fail2ban populating
an ipset and that ipset is used in iptables.
You can simply add that set of IPs to the ipset manually.

Note that using IPs directly is a red herring; you need to use other
means (UserAgent ...) to identify those bots.
By the sound of it, you clearly need to learn the httpd server you are
using, then if it is not enough, add fail2ban and iptables into the mix.

--
John Doe
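
The manual route suggested in this message, as an added example that is not part of the original post: a shell script that validates a list of IPv4 addresses and emits a batch for `ipset restore`. The set name `crawler-block`, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an `ipset restore` batch from a list of IPv4 addresses.
# SET_NAME is a hypothetical set name; the sample addresses are constructed
# (documentation ranges), not taken from the thread.
SET_NAME="crawler-block"

# Return 0 if $1 is a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# stdin: one address per line, '#' comments allowed. stdout: restore batch.
# Invalid entries are reported on stderr and left out; duplicates collapse.
build_restore() {
    echo "create $SET_NAME hash:ip family inet"
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
    sort -u |
    while IFS= read -r addr; do
        if is_ipv4 "$addr"; then
            echo "add $SET_NAME $addr"
        else
            echo "skipped invalid entry: $addr" >&2
        fi
    done
}

sample_list() {
    cat <<'EOF'
# constructed sample list
192.0.2.10
198.51.100.7   # trailing comment
192.0.2.10
203.0.113.999
not-an-ip
EOF
}

# Load and reference the set (as root):
#   build_restore < list.txt | ipset -exist restore
#   iptables -I INPUT -m set --match-set crawler-block src -j DROP
sample_list | build_restore
```

Once the set is referenced by the iptables rule, later `ipset add` and `ipset del` calls take effect without restarting fail2ban or reloading iptables.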

