but also whole companies from Israel are offering tools to nuke your webserver with "rented" DDoS attacks

vim /etc/fail2ban/jail.local; # add those lines:

[apache]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/apache2/*error.log
maxretry = 3
findtime = 600

[apache-noscript]
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/log/apache2/*error.log
maxretry = 3
findtime = 600

[apache-overflows]
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/log/apache2/*error.log
maxretry = 2
findtime = 600

[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
# apache-badbots matches User-Agent strings, which Apache writes to the access log
logpath = /var/log/apache2/*access.log
maxretry = 2
findtime = 600

:wq # save and quit

# restart fail2ban

/etc/init.d/fail2ban restart

iptables -L # list the firewall rules; fail2ban's chains and bans show up here

Send Reports via Mail

You might want fail2ban to send a report whenever a filter triggers an action, to see who is trying to DDoS or brute-force your box.

 

  • [apache]: this jail is used to block failed login attempts.

  • [apache-noscript]: this jail is used to block remote clients who are searching for scripts on the website to execute.

  • [apache-overflows]: this jail is used to block clients who are attempting to request suspicious URLs.

  • [apache-badbots]: this jail is used to block malicious bot requests.

Note: the options used in each jail are described below.

  • enabled: this option means Apache protection is on.

  • port: this option specifies the services that fail2ban monitors.

  • filter: this option refers to the config file located in the /etc/fail2ban/filter.d/ directory.

  • logpath: this option specifies the location of the log file.

  • bantime: this option specifies the number of seconds that a remote host will be blocked from the server.

  • maxretry: this option specifies the number of failed login attempts before a remote host is blocked for the length of the ban time.

  • ignoreip: this option allows you to whitelist certain IP addresses from blocking.
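
How maxretry, findtime and ignoreip from the jails above interact, as an added example that is not part of the original post or of fail2ban itself: a simplified Python model of the failure counting, run over a constructed Apache 2.4 error log. The regex, the find_bans and _line helpers and every log line are assumptions made for illustration; the apache-auth filter shipped with fail2ban matches more message variants, and bantime is not modelled.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for an apache-auth style failregex (assumption, not the shipped filter).
FAILREGEX = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[auth_basic:error\] \[pid \d+\] "
    r"\[client (?P<host>[\d.]+):\d+\] AH\d+: user .*(?:authentication failure|not found)"
)
TS_FORMAT = "%a %b %d %H:%M:%S.%f %Y"  # Apache 2.4 error-log timestamp

def find_bans(lines, maxretry=3, findtime=600, ignoreip=()):
    """Return [(host, time_of_ban)] for hosts reaching maxretry failures within findtime seconds."""
    failures = defaultdict(deque)   # host -> timestamps of recent failures
    banned, bans = set(), []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or m["host"] in ignoreip or m["host"] in banned:
            continue
        now = datetime.strptime(m["ts"], TS_FORMAT)
        window = failures[m["host"]]
        window.append(now)
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()        # this failure fell out of the findtime window
        if len(window) >= maxretry:
            banned.add(m["host"])
            bans.append((m["host"], now))
    return bans

def _line(hms, host, msg='AH01617: user admin: authentication failure for "/private/": Password Mismatch', module="auth_basic"):
    return f"[Sat Mar 02 {hms}.000000 2024] [{module}:error] [pid 1234] [client {host}:40000] {msg}"

# Constructed sample log (documentation IP ranges), in chronological order.
SAMPLE_LOG = [
    _line("10:00:00", "203.0.113.7"),
    _line("10:00:30", "198.51.100.9"),
    _line("10:01:00", "192.0.2.10"),
    _line("10:01:05", "192.0.2.10"),
    _line("10:01:10", "192.0.2.10"),    # three quick failures, but whitelisted below
    _line("10:03:00", "203.0.113.7"),
    _line("10:04:00", "203.0.113.7", "AH00128: File does not exist: /var/www/html/x.php", "core"),
    _line("10:06:00", "198.51.100.9"),
    _line("10:08:00", "203.0.113.7"),   # third failure within 600 s -> ban
    _line("10:12:00", "198.51.100.9"),  # first failure is now 690 s old -> no ban
]

if __name__ == "__main__":
    for host, when in find_bans(SAMPLE_LOG, ignoreip={"192.0.2.10"}):
        print(f"ban {host} at {when:%H:%M:%S}")
```

A client that spaces its attempts more than findtime apart never reaches maxretry, which is why slow brute-force attempts need a longer findtime rather than a lower maxretry.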

Credits: https://www.maketecheasier.com/fail2ban-protect-apache-ddos/

admin