Sorry Gene. Hit reply instead of reply list.

On 11/11/19 12:18 PM, Gene Heskett wrote:
On Monday 11 November 2019 08:33:13 Greg Wooledge wrote:

I have a list of ipv4's I want fail2ban to block.

Not sure that fail2ban is the best tool for the job. Where you already have a list of IPs that you want to block why not just directly create the iptables rules?

just did that, got most of them but semrush apparently has fallback addys to use. But I'm no longer being DDOSed, which was the point. Thanks.

In case it wasn't already clear, what fail2ban does is parse a log file looking for repeated instances of an invalid login (or whatever). You have to tell it what to look for, and what to do about it.
coyote.coyote.den:80 40.94.105.9 - - [11/Nov/2019:12:08:53 -0500] "GET /gene/ HTTP/1.1" 200 5141 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
coyote.coyote.den:80 40.94.105.9 - - [11/Nov/2019:12:08:53 -0500] "GET /gene/pix/EasterSundayCropped2004-1.jpg HTTP/1.1" 200 194478 "http://geneslinuxbox.net:6309/gene/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
coyote.coyote.den:80 40.94.105.9 - - [11/Nov/2019:12:08:56 -0500] "GET /favicon.ico HTTP/1.1" 200 1705 "http://geneslinuxbox.net:6309/gene/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36"
coyote.coyote.den:80 203.133.169.54 - - [11/Nov/2019:12:10:52 -0500] "GET /robots.txt HTTP/1.1" 200 1092 "-" "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - - [11/Nov/2019:12:10:53 -0500] "GET /gene/nitros9/level1/d64/modules/sysgo_h0 HTTP/1.1" 200 706 "-" "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - - [11/Nov/2019:12:10:58 -0500] "GET /gene/nitros9/level1/coco2b/NOS9_6809_L1_coco2b_cocosdc.dsk HTTP/1.1" 200 4718822 "-" "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - - [11/Nov/2019:12:11:21 -0500] "GET /gene/nitros9/level1/coco2_6309/NOS9_6309_L1_coco2_6309_dw_directmodempak.dsk HTTP/1.1" 200 554724 "-" "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - - [11/Nov/2019:12:11:29 -0500] "GET /gene/nitros9/level1/dalpha/modules/defsfile HTTP/1.1" 200 248 "-" "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - - [11/Nov/2019:12:11:34 -0500] "GET /gene/nitros9/level1/atari/modules/n1_scdwv.dd HTTP/1.1" 200 280 "-" "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
coyote.coyote.den:80 203.133.169.54 - - [11/Nov/2019:12:11:39 -0500] "GET /gene/nitros9/level1/coco1_6309/bootfiles/bootfile_covga_cocosdc HTTP/1.1" 200 16133 "-" "Mozilla/5.0 (compatible; Daum/4.1; +http://cs.daum.net/faq/15/4118.html?faqId=28966)"

I did ask earlier if daum was a bot but no one answered. They are becoming a mite pesky.
Here's your answer: https://www.distilnetworks.com/bot-directory/bot/daum-4-1/
Thanks. Cheers, Gene Heskett
-- Frank McCormick
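
The log-watching behaviour described in the thread (match lines, count repeats per host inside a time window, then act on the host), as an added example that is not part of any poster's message and is not fail2ban's own code. The sample lines are constructed in the same log layout as the excerpt above; the function names and the ExampleBot agent are hypothetical, and the `maxretry`/`findtime` parameters are named after the fail2ban settings they imitate.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation-range addresses, made-up bot name).
SAMPLE = '''\
www.example.test:80 192.0.2.10 - - [11/Nov/2019:12:10:52 -0500] "GET /robots.txt HTTP/1.1" 200 1092 "-" "Mozilla/5.0 (compatible; ExampleBot/1.0)"
www.example.test:80 192.0.2.10 - - [11/Nov/2019:12:10:53 -0500] "GET /a HTTP/1.1" 200 706 "-" "Mozilla/5.0 (compatible; ExampleBot/1.0)"
www.example.test:80 198.51.100.7 - - [11/Nov/2019:12:10:54 -0500] "GET / HTTP/1.1" 200 5141 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/70.0"
www.example.test:80 192.0.2.10 - - [11/Nov/2019:12:10:58 -0500] "GET /b HTTP/1.1" 200 280 "-" "Mozilla/5.0 (compatible; ExampleBot/1.0)"
www.example.test:80 203.0.113.5 - - [11/Nov/2019:12:11:00 -0500] "GET /a HTTP/1.1" 200 706 "-" "Mozilla/5.0 (compatible; ExampleBot/1.0)"
www.example.test:80 203.0.113.5 - - [11/Nov/2019:12:11:05 -0500] "GET /b HTTP/1.1" 200 280 "-" "Mozilla/5.0 (compatible; ExampleBot/1.0)"
www.example.test:80 203.0.113.5 - - [11/Nov/2019:12:25:00 -0500] "GET /c HTTP/1.1" 200 248 "-" "Mozilla/5.0 (compatible; ExampleBot/1.0)"
www.example.test:80 198.51.100.7 - - [11/Nov/2019:12:11:10 -0500] "GET /x HTTP/1.1" 200 1705 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/70.0"
'''

# "What to look for": one named group captures the host, as a failregex would.
LINE_RE = re.compile(
    r'^\S+ (?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$')

def hosts_to_ban(lines, agent_pattern, maxretry=3,
                 findtime=timedelta(seconds=60)):
    """Hosts with at least maxretry matching lines inside one findtime window."""
    agent_re = re.compile(agent_pattern)
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    banned = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not agent_re.search(m['agent']):
            continue              # unparsable line or agent not of interest
        when = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        hits = recent[m['host']]
        hits.append(when)
        while when - hits[0] > findtime:
            hits.popleft()        # forget matches older than the window
        if len(hits) >= maxretry and m['host'] not in banned:
            banned.append(m['host'])
    return banned

def ban_commands(hosts):
    # "What to do about it": only builds the iptables rule text, runs nothing.
    return [f'iptables -I INPUT -s {h} -j DROP' for h in hosts]

if __name__ == '__main__':
    for cmd in ban_commands(hosts_to_ban(SAMPLE.splitlines(), r'ExampleBot')):
        print(cmd)
```

With the defaults only 192.0.2.10 is selected: 203.0.113.5 sends the same agent string but never reaches three matches inside one 60-second window, and 198.51.100.7 never matches the agent pattern.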