Re: fail2ban for apache2

To: debian-user@lists.debian.org
Subject: Re: fail2ban for apache2
From: Andy Smith <andy@strugglers.net>
Date: Sat, 9 Nov 2019 19:35:39 +0000
Message-id: <[🔎] 20191109193539.GK1278@bitfolk.com>
In-reply-to: <[🔎] 201911091334.11968.gheskett@shentel.net>
References: <[🔎] 201911090230.57430.gheskett@shentel.net> <[🔎] 201911090843.25501.gheskett@shentel.net> <[🔎] 20191109151053.GJ1278@bitfolk.com> <[🔎] 201911091334.11968.gheskett@shentel.net>

Hello,

On Sat, Nov 09, 2019 at 01:34:11PM -0500, Gene Heskett wrote:
> On Saturday 09 November 2019 10:10:53 Andy Smith wrote:
> > You've repeatedly been advised to block these bots in Apache by
> > their UserAgent. Have you tried that yet? It would be a lot simpler
> > than fail2ban or trying to keep up with their IP addresses.
> >
> Maybe, but semrush has a variation in the user agent spelling that makes 
> a block of xx.xx.xx.xx/24 more effective.

Really?

$ cat /var/log/apache2/access.log{,.1} | awk -F '[()]' 'tolower($0) ~ /semrush/ { print $2 }' | sort | uniq -c | sort -rn
     95 compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html
     80 compatible; SemrushBot/3~bl; +http://www.semrush.com/bot.html
     29 compatible; SemrushBot-BA; +http://www.semrush.com/bot.html

I'll suggest once more just blocking UserAgents that match
"SemrushBot" but I realise I am just howling into the void.

Regards,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

References:
- fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>
- Re: fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>
- Re: fail2ban for apache2
  - From: Andy Smith <andy@strugglers.net>
- Re: fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>

Prev by Date: Re: fail2ban for apache2
Next by Date: Re: Thought regarding NGINX and Debian
Previous by thread: Re: fail2ban for apache2
Next by thread: Re: fail2ban for apache2
Index(es):
- Date
- Thread