but also whole companies from israel are offering tools to nuke off your webserver with „rented“ DDoS attacks

Send Reports via Mail

You might want fail2ban report on filter action.

Too see who is trying to DDoS or bruteforce your box.

• [apache]

  : this jail is used to block failed login attempts.

• [apache-noscript]

  : this jail is used to block remote clients who are searching for scripts on the website to execute.

• [apache-overflows]

  : this jail is used to block clients who are attempting to request suspicious URLs.

• [apache-noscript]

  : this jail is used to block remote clients who are searching for scripts on website to execute.

• [apache-badbots]

  : this jail is used to block malicious bot requests.

Note : You can find the details of each rule described below.

• enabled

  : this option means Apache protection is on.

• port

  : this option specifies the services that fail2ban monitors.

• filter

  : this option refers the config file located in the 

  /etc/fail2ban/filter.d/

  directory.

• logpath

  : this option specifies the location of log file.

• bantime

  : this option specifies the number of seconds that a remote host will be blocked from the server.

• maxretry

  : this option specifies the number of failed login attempts before a remote host is blocked for the length of the ban time.

• ignoreip

  : this option allows you to whitelist certain IP addresses from blocking.

Creditzs: https://www.maketecheasier.com/fail2ban-protect-apache-ddos/

admin