
APACHE BAD BOT BLOCKER and fail2ban tips

Posted: Tue Jan 15, 2019 5:13 pm
by Stevyn
APACHE BAD BOT BLOCKER

https://github.com/mitchellkrogza/apach ... Apache_2.4

Code:

sudo mkdir /etc/apache2/custom.d

sudo wget https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/Apache_2.4/custom.d/globalblacklist.conf -O /etc/apache2/custom.d/globalblacklist.conf

sudo wget https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/Apache_2.4/custom.d/whitelist-ips.conf -O /etc/apache2/custom.d/whitelist-ips.conf

sudo wget https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/Apache_2.4/custom.d/whitelist-domains.conf -O /etc/apache2/custom.d/whitelist-domains.conf

sudo wget https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/Apache_2.4/custom.d/blacklist-ips.conf -O /etc/apache2/custom.d/blacklist-ips.conf

sudo wget https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/Apache_2.4/custom.d/bad-referrer-words.conf -O /etc/apache2/custom.d/bad-referrer-words.conf

sudo wget https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/Apache_2.4/custom.d/blacklist-user-agents.conf -O /etc/apache2/custom.d/blacklist-user-agents.conf


Edit both whitelist-ips.conf and whitelist-domains.conf to include all your own domain names and IP addresses that you want to specifically whitelist from the blocker script.

INCLUDE THE GLOBALBLACKLIST.CONF

example:

Code:

<VirtualHost *:80>

    ServerName local.dev
    ServerAlias www.local.dev
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory "/var/www/html">
        AllowOverride All
        Options FollowSymLinks
        Include custom.d/globalblacklist.conf
    </Directory>

</VirtualHost>

Re: APACHE BAD BOT BLOCKER

Posted: Tue Jan 15, 2019 6:42 pm
by Stevyn
Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning

https://github.com/mitchellkrogza/Fail2 ... ed-Banning

Code:

cd /etc/fail2ban/filter.d

sudo wget https://raw.githubusercontent.com/mitchellkrogza/Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning/master/filter.d/blacklist.conf -O blacklist.conf

cd /etc/fail2ban/action.d

sudo wget https://raw.githubusercontent.com/mitchellkrogza/Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning/master/action.d/blacklist.conf -O blacklist.conf

add to: /etc/fail2ban/jail.local

Code:

[DEFAULT]
port = 0:65535
filter = %(__name__)s

[blacklist]
enabled = true
logpath  = /var/log/fail2ban.*
filter = blacklist
banaction = blacklist
bantime  = 31536000   ; 1 year
findtime = 31536000   ; 1 year
maxretry = 10

Code:

sudo touch /etc/fail2ban/ip.blacklist

sudo chmod 755 /etc/fail2ban/ip.blacklist

Update /etc/logrotate.d/fail2ban to monthly
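
Added example, not part of the original post or the linked project: a shell function that previews which IPs the [blacklist] jail above would pick up, by counting Ban events per IP in fail2ban log text. The log line layout, the sample lines, the function names, and the choice to skip "Restore Ban" lines and bans issued by the blacklist jail itself are assumptions of this example, not the project's filter.

```shell
#!/bin/sh
# Added example (not the project's filter): count fail2ban "Ban" events per IP
# and print the IPs that reach a threshold (maxretry = 10 in the jail above).

# Constructed sample in the usual fail2ban.log layout (documentation IPs).
sample_log() {
    cat <<'EOF'
2019-01-15 18:00:01,101 fail2ban.filter  [812]: INFO    [apache-auth] Found 203.0.113.7
2019-01-15 18:00:02,102 fail2ban.actions [812]: NOTICE  [apache-auth] Ban 203.0.113.7
2019-01-15 18:10:02,310 fail2ban.actions [812]: NOTICE  [apache-auth] Unban 203.0.113.7
2019-01-16 09:00:02,514 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2019-01-16 09:30:00,020 fail2ban.actions [901]: NOTICE  [sshd] Restore Ban 203.0.113.7
2019-01-17 07:12:44,731 fail2ban.actions [901]: NOTICE  [apache-auth] Ban 203.0.113.7
2019-01-17 07:15:09,118 fail2ban.actions [901]: NOTICE  [sshd] Ban 198.51.100.4
2019-01-17 07:15:10,004 fail2ban.actions [901]: NOTICE  [blacklist] Ban 203.0.113.7
EOF
}

repeat_offenders() {
    # $1 = threshold; stdin = fail2ban log lines
    awk -v max="$1" '
        # Need at least "<jail> Ban <ip>" at the end of the line.
        NF < 3 { next }
        # Assumption of this example: bans replayed at restart ("Restore Ban")
        # and bans issued by the blacklist jail itself are not counted.
        $(NF-1) == "Ban" && $(NF-2) != "Restore" && $(NF-2) != "[blacklist]" {
            count[$NF]++
        }
        END { for (ip in count) if (count[ip] >= max) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample with a threshold of 3.
# Real use: repeat_offenders 10 < /var/log/fail2ban.log
sample_log | repeat_offenders 3
```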

Re: APACHE BAD BOT BLOCKER

Posted: Tue Jan 15, 2019 7:07 pm
by Stevyn
restart
sudo fail2ban-client -vvv -x start

Re: APACHE BAD BOT BLOCKER

Posted: Tue Jan 15, 2019 7:21 pm
by Stevyn
Fail2Ban Blacklist for Repeat Offenders of Apache (action.d)
Add on for Apache Ultimate Bad Bot and Spam Referrer Blocker

https://github.com/mitchellkrogza/apach ... 2ban_addon

Re: APACHE BAD BOT BLOCKER

Posted: Tue Jan 15, 2019 10:14 pm
by Stevyn
To unban IP 127.0.0.1 (example):

Code:

fail2ban-client set apache-auth unbanip 127.0.0.1

Re: APACHE BAD BOT BLOCKER

Posted: Tue Jan 15, 2019 10:23 pm
by Stevyn
Useful command for displaying all bans:

Code:

sudo fail2ban-client status | grep "Jail list:" | sed "s/ //g" | awk '{split($2,a,",");for(i in a) system("sudo fail2ban-client status " a[i])}' | grep "Status\|IP list"

Re: APACHE BAD BOT BLOCKER

Posted: Fri Jan 18, 2019 11:19 am
by Stevyn
APACHE BAD BOT BLOCKER is blocking 127.0.0.1

problem: APACHE BAD BOT BLOCKER is blocking 127.0.0.1

FIX: I am using some internal curl processes to gather info. The curl was not providing user-agent headers, so APACHE BAD BOT BLOCKER was blocking it, blocking 127.0.0.1.

The fix is to add a user-agent such as 'stevyn-bot'

and then in the whitelist user-agent 'stevyn-bot' and now check your logs and it should be OK
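
Added example, not part of the original post: a shell function that lists clients refused with 403 while sending no User-Agent, which is how blocked internal curl calls like the ones described above would show up in an Apache combined-format access log. The 403 status, the sample log lines and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: find clients that were denied (403) while sending an empty
# User-Agent, using the Apache "combined" log format from the vhost above.

# Constructed sample access log lines (loopback plus a documentation IP).
sample_access_log() {
    cat <<'EOF'
127.0.0.1 - - [18/Jan/2019:11:02:10 +0000] "GET /status.php HTTP/1.1" 403 199 "-" "-"
127.0.0.1 - - [18/Jan/2019:11:03:10 +0000] "GET /status.php HTTP/1.1" 403 199 "-" "-"
127.0.0.1 - - [18/Jan/2019:11:19:44 +0000] "GET /status.php HTTP/1.1" 200 512 "-" "stevyn-bot"
198.51.100.23 - - [18/Jan/2019:11:20:01 +0000] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
198.51.100.23 - - [18/Jan/2019:11:21:01 +0000] "GET /x HTTP/1.1" 403 199 "-" "SomeBlockedBot/1.0"
EOF
}

empty_ua_denied() {
    # stdin = combined-format access log; output = "<count> <client ip>"
    # Splitting on double quotes gives:
    #   $1 = host/ident/user/time, $2 = request line, $3 = status and size,
    #   $4 = referer, $6 = user-agent ("-" when the header was absent).
    awk -F'"' '
        {
            split($1, head, " "); ip = head[1]
            split($3, tail, " "); status = tail[1]
            ua = $6
            # Assumption: a request refused by the blocker is logged as 403.
            if (status == "403" && (ua == "-" || ua == "")) denied[ip]++
        }
        END { for (ip in denied) print denied[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
# Real use: empty_ua_denied < /var/log/apache2/access.log
sample_access_log | empty_ua_denied
```

A loopback or other internal address in the output points at a local job that needs its own User-Agent and a matching whitelist entry.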

Re: APACHE BAD BOT BLOCKER

Posted: Thu Jan 24, 2019 8:36 pm
by Stevyn
Fail2Ban.WebExploits
This custom Fail2Ban filter and jail will deal with all scans for common WordPress, Joomla, Drupal and other Web Exploits being scanned for by automated bots and those seeking to find exploitable web sites.

https://github.com/mitchellkrogza/Fail2Ban.WebExploits

ban an attacker IP with Fail2Ban manually by command line

Posted: Wed Jan 26, 2022 10:39 am
by Stevyn
https://stackoverflow.com/questions/290 ... mmand-line


ban an attacker IP with Fail2Ban manually by command line

Check the jail where to add the IP using

Code:

fail2ban-client status

Code:

fail2ban-client -vvv set JAIL banip WW.XX.YY.ZZ