
Re: fail2ban for apache2



Sorry Gene. Hit reply instead of reply list.

On 11/11/19 12:18 PM, Gene Heskett wrote:
On Monday 11 November 2019 08:33:13 Greg Wooledge wrote:

I have a list of ipv4's I want fail2ban to block.

Not sure that fail2ban is the best tool for the job. Where you
already have a list of IPs that you want to block why not just
directly create the iptables rules?

just did that, got most of them but semrush apparently has fallback
addys to use.  But I'm no longer being DDOSed, which was the point.
Thanks.

In case it wasn't already clear, what fail2ban does is parse a log
file looking for repeated instances of an invalid login (or whatever).
You have to tell it what to look for, and what to do about it.



coyote.coyote.den:80 40.94.105.9 - -
[11/Nov/2019:12:08:53 -0500] "GET /gene/ HTTP/1.1" 200
5141 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
coyote.coyote.den:80 40.94.105.9 - -
[11/Nov/2019:12:08:53 -0500] "GET /gene/pix/EasterSundayCropped2004-1.jpg
HTTP/1.1" 200 194478 "http://geneslinuxbox.net:6309/gene/" "Mozilla/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/57.0.2987.133 Safari/537.36"
coyote.coyote.den:80 40.94.105.9 - -
[11/Nov/2019:12:08:56 -0500] "GET /favicon.ico HTTP/1.1" 200
1705 "http://geneslinuxbox.net:6309/gene/" "Mozilla/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/57.0.2987.133 Safari/537.36"
coyote.coyote.den:80 203.133.169.54 - -
[11/Nov/2019:12:10:52 -0500] "GET /robots.txt HTTP/1.1" 200
1092 "-" "Mozilla/5.0 (compatible; Daum/4.1;
+http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - -
[11/Nov/2019:12:10:53 -0500] "GET /gene/nitros9/level1/d64/modules/sysgo_h0
HTTP/1.1" 200 706 "-" "Mozilla/5.0 (compatible; Daum/4.1;
+http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - -
[11/Nov/2019:12:10:58 -0500] "GET /gene/nitros9/level1/coco2b/NOS9_6809_L1_coco2b_cocosdc.dsk
HTTP/1.1" 200 4718822 "-" "Mozilla/5.0 (compatible; Daum/4.1;
+http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - -
[11/Nov/2019:12:11:21 -0500] "GET /gene/nitros9/level1/coco2_6309/NOS9_6309_L1_coco2_6309_dw_directmodempak.dsk
HTTP/1.1" 200 554724 "-" "Mozilla/5.0 (compatible; Daum/4.1;
+http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - -
[11/Nov/2019:12:11:29 -0500] "GET /gene/nitros9/level1/dalpha/modules/defsfile
HTTP/1.1" 200 248 "-" "Mozilla/5.0 (compatible; Daum/4.1;
+http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - -
[11/Nov/2019:12:11:34 -0500] "GET /gene/nitros9/level1/atari/modules/n1_scdwv.dd
HTTP/1.1" 200 280 "-" "Mozilla/5.0 (compatible; Daum/4.1;
+http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - -
[11/Nov/2019:12:11:39 -0500] "GET /gene/nitros9/level1/coco1_6309/bootfiles/bootfile_covga_cocosdc
HTTP/1.1" 200 16133 "-" "Mozilla/5.0 (compatible; Daum/4.1;
+http://cs.daum.net/faq/15/4118.html?faqId=28966)"

I did ask earlier if daum was a bot but no one answered.  They are
becoming a mite pesky.


Here's your answer:

https://www.distilnetworks.com/bot-directory/bot/daum-4-1/




Thanks.

Cheers, Gene Heskett


--
Frank McCormick
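
Added example, not part of the original thread and not fail2ban's own code: a sketch of the "tell it what to look for" step described above, run over the vhost_combined log layout quoted in the message. The function name `find_offenders` is hypothetical, `maxretry` and `findtime` borrow fail2ban's option names, and the sample lines are entries from the message rejoined onto single lines.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache vhost_combined layout: vhost:port ip - - [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample: log entries from the message, unwrapped to one line each.
SAMPLE_LOG = """\
coyote.coyote.den:80 40.94.105.9 - - [11/Nov/2019:12:08:53 -0500] "GET /gene/ HTTP/1.1" 200 5141 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
coyote.coyote.den:80 40.94.105.9 - - [11/Nov/2019:12:08:56 -0500] "GET /favicon.ico HTTP/1.1" 200 1705 "http://geneslinuxbox.net:6309/gene/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
coyote.coyote.den:80 203.133.169.54 - - [11/Nov/2019:12:10:52 -0500] "GET /robots.txt HTTP/1.1" 200 1092 "-" "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - - [11/Nov/2019:12:10:53 -0500] "GET /gene/nitros9/level1/d64/modules/sysgo_h0 HTTP/1.1" 200 706 "-" "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - - [11/Nov/2019:12:10:58 -0500] "GET /gene/nitros9/level1/coco2b/NOS9_6809_L1_coco2b_cocosdc.dsk HTTP/1.1" 200 4718822 "-" "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - - [11/Nov/2019:12:11:21 -0500] "GET /gene/nitros9/level1/coco2_6309/NOS9_6309_L1_coco2_6309_dw_directmodempak.dsk HTTP/1.1" 200 554724 "-" "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
"""

def find_offenders(lines, agent_pattern, maxretry=3, findtime=timedelta(seconds=60)):
    """Return IPs with at least maxretry matching requests inside a findtime window."""
    wanted = re.compile(agent_pattern)
    recent = defaultdict(deque)  # ip -> timestamps of its recent matching requests
    offenders = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not wanted.search(m["agent"]):
            continue  # unparseable line, or not what we were told to look for
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > findtime:  # forget hits that fell out of the window
            hits.popleft()
        if len(hits) >= maxretry and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders

if __name__ == "__main__":
    # The "what to do about it" step (e.g. an iptables rule) is left to the caller.
    print(find_offenders(SAMPLE_LOG.splitlines(), r"Daum/"))
```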

