Re: swamp rat bots Q
On Thursday 03 December 2020 21:13:35 Andy Smith wrote:
> Hello,
>
> On Thu, Dec 03, 2020 at 07:35:27AM -0500, Gene Heskett wrote:
> > I've had it with a certain bot that that ignore my robots.txt and
> > proceeds to mirror my site, several times a day, burning up my
> > upload bandwidth. They've moved it to 5 different addresses since
> > midnight.
>
> This must be the third or fourth time we have been here with this
> exact question from you. Every time the answers have been "Fail2Ban
> and block by user agent". I don't know why you expect the answers to
> change.
>
> Andy
Fail2ban does not come configured to do anything. In this case, not even
waste cpu cycles. I've now read thru most of the configs, which may have
been semi applicable in 2013, the date of its last update. But this, in
case no one has noticed, is now the fading ragged edges of 2020.
Its .conf files do not mention, nor do they tell you how to edit them to
work with the directory structures in common use today. Someone who has
kept their copy up to date with the ever changing web landscape may in
fact have a working version, but my install isn't, its a waste of cpu
cycles, not logging anything in the 20 some hours its been running
except its nominally 2k startup stanza.
Tell me how to edit, AND enable the use of the apache-badbots.conf. isn't
stated anyplace I've found so I've no clue how to add to the top line to
include todays bad bots. That's my 2nd bitch. Is that list basically a
CSV but with a "|" as the comma?
Ditto, 1st bitch, what file do I edit to add
todays /var/log/httpd/other_vhosts_access.log to its list of logs to
watch. That's the log file with the real data in it today. And does it
need enabled in another, different file.
Then, once its seeing the hits, how do I make it add to iptables/rules
DROP list? Some "jail" file that I have to assume needs enabled. But the
man pages do not explain that either. They might as well be written in
swahili.
That would at least point it to the logs of interest today. And get some
error messages that might guide the betterment of its configuration.
THEN it might snowball into something usefull, but FIRST I need to make
it read the right files to get it started. Keeping fail2ban up to date
is called "support", people, and I don't see any since 2013.
Thank you. Stay safe and well everybody.
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
Reply to: