
Re: swamp rat bots Q



On Thursday 03 December 2020 21:13:35 Andy Smith wrote:

> Hello,
>
> On Thu, Dec 03, 2020 at 07:35:27AM -0500, Gene Heskett wrote:
> > I've had it with a certain bot that ignores my robots.txt and
> > proceeds to mirror my site, several times a day, burning up my
> > upload bandwidth. They've moved it to 5 different addresses since
> > midnight.
>
> This must be the third or fourth time we have been here with this
> exact question from you. Every time the answers have been "Fail2Ban
> and block by user agent". I don't know why you expect the answers to
> change.
>
> Andy

Fail2ban does not come configured to do anything. In this case, not even 
waste cpu cycles. I've now read thru most of the configs, which may have 
been semi applicable in 2013, the date of its last update. But this, in 
case no one has noticed, is now the fading ragged edges of 2020.

Its .conf files do not mention, nor do they tell you how to edit them to 
work with the directory structures in common use today.  Someone who has 
kept their copy up to date with the ever changing web landscape may in 
fact have a working version, but my install isn't, it's a waste of cpu 
cycles, not logging anything in the 20 some hours it's been running 
except its nominally 2k startup stanza.

Tell me how to edit, AND enable the use of the apache-badbots.conf. It isn't 
stated anyplace I've found so I've no clue how to add to the top line to 
include today's bad bots.  That's my 2nd bitch. Is that list basically a 
CSV but with a "|" as the comma?

Ditto, 1st bitch, what file do I edit to add 
today's /var/log/httpd/other_vhosts_access.log to its list of logs to 
watch.  That's the log file with the real data in it today.  And does it 
need enabled in another, different file.

Then, once it's seeing the hits, how do I make it add to iptables/rules 
DROP list? Some "jail" file that I have to assume needs enabled. But the 
man pages do not explain that either. They might as well be written in 
swahili.

That would at least point it to the logs of interest today. And get some 
error messages that might guide the betterment of its configuration. 
THEN it might snowball into something useful, but FIRST I need to make 
it read the right files to get it started.  Keeping fail2ban up to date 
is called "support", people, and I don't see any since 2013.

Thank you.  Stay safe and well everybody.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
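
Added example, not part of the original message and not fail2ban's own code: the "block by user agent" check discussed in this thread, run over access-log lines that begin with a `vhost:port` field. It assumes the "|"-separated bot list is used as a regular-expression alternation; the bot names, the log layout and the sample lines are constructed for illustration.

```python
import re

# Hypothetical bot names. A '|'-separated list used this way is a regex
# alternation, so metacharacters such as '.' must be escaped.
BADBOTS = r"ExampleScraper/1\.0|SiteMirrorBot|Hypothetical-Crawler"
BOT_RE = re.compile("(?:" + BADBOTS + ")")

# Assumed layout: vhost:port client ident user [time] "request" status bytes
# "referer" "user-agent". A pattern that expects the client address as the
# first field does not match such lines, and the reverse holds here.
LINE_RE = re.compile(
    r'^\S+:\d+ (?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|POST|HEAD) [^"]*" \d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation addresses, made-up agents).
SAMPLE_LOG = """\
www.example.test:80 203.0.113.7 - - [03/Dec/2020:07:01:02 -0500] "GET /gene/ HTTP/1.1" 200 5120 "-" "SiteMirrorBot (+http://bot.example.test)"
www.example.test:80 203.0.113.7 - - [03/Dec/2020:07:01:03 -0500] "GET /gene/a.html HTTP/1.1" 200 812 "-" "SiteMirrorBot (+http://bot.example.test)"
www.example.test:80 198.51.100.23 - - [03/Dec/2020:07:02:10 -0500] "GET /gene/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
www.example.test:80 192.0.2.44 - - [03/Dec/2020:07:03:30 -0500] "HEAD / HTTP/1.1" 200 0 "-" "ExampleScraper/1.0"
www.example.test:80 192.0.2.45 - - [03/Dec/2020:07:03:31 -0500] "HEAD / HTTP/1.1" 200 0 "-" "ExampleScraper/1x0"
"""


def offenders(log_text):
    """Return {client_address: hits} for requests whose User-Agent is listed."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # search() treats each list entry as a substring of the User-Agent.
        if m and BOT_RE.search(m.group("agent")):
            hits[m.group("host")] = hits.get(m.group("host"), 0) + 1
    return hits


if __name__ == "__main__":
    for host, count in sorted(offenders(SAMPLE_LOG).items()):
        print(host, count)
```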

