but also whole companies from Israel are offering tools to nuke off your webserver with „rented“ DDoS attacks.
[apache]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/apache2/*error.log
maxretry = 3
findtime = 600
[apache-noscript]
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/log/apache2/*error.log
maxretry = 3
findtime = 600
[apache-overflows]
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/log/apache2/*error.log
maxretry = 2
findtime = 600
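[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
# apache-badbots matches the User-Agent string, which Apache writes to the access log, not the error log
logpath = /var/log/apache2/*access.log
maxretry = 2
findtime = 600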
:wq # save and quit
# restart fail2ban
/etc/init.d/fail2ban restart
iptables -L # list the firewall rules; the fail2ban chains should show up
Send Reports via Mail
You might want fail2ban to report on filter actions, to see who is trying to DDoS or brute-force your box.
- [apache]: this jail is used to block failed login attempts.
- [apache-noscript]: this jail is used to block remote clients who are searching for scripts on the website to execute.
- [apache-overflows]: this jail is used to block clients who are attempting to request suspicious URLs.
- [apache-badbots]: this jail is used to block malicious bot requests.
Note: You can find the details of each rule described below.
- enabled: this option means Apache protection is on.
- port: this option specifies the services that fail2ban monitors.
- filter: this option refers to the config file located in the /etc/fail2ban/filter.d/ directory.
- logpath: this option specifies the location of the log file.
- bantime: this option specifies the number of seconds that a remote host will be blocked from the server.
- maxretry: this option specifies the number of failed login attempts before a remote host is blocked for the length of the ban time.
- ignoreip: this option allows you to whitelist certain IP addresses from blocking.
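How maxretry, findtime (the counting window in seconds, 600 in the jails above) and ignoreip interact, as an added example that is not from the original post and is not fail2ban's own code. It is a simplified sliding-window model; the name find_bans, the AUTH_FAIL regex (a stand-in for the apache-auth filter) and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for the apache-auth filter (an assumption, not fail2ban's regex):
# Apache 2.4 error-log lines that report a basic-auth failure.
AUTH_FAIL = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[auth_basic:error\] \[pid \d+\] "
    r"\[client (?P<ip>[\d.]+):\d+\] AH\d+: .*(?:authentication failure|not found)"
)

def find_bans(lines, maxretry=3, findtime=600, ignoreip=()):
    """Return [(ip, time)] for hosts that reach maxretry failures within findtime seconds."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    bans = []
    for line in lines:
        m = AUTH_FAIL.match(line)
        if not m or m["ip"] in ignoreip:
            continue  # not an auth failure, or a whitelisted address
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        window = recent[m["ip"]]
        window.append(ts)
        # Failures older than findtime no longer count toward maxretry.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans.append((m["ip"], ts))
            window.clear()  # this sketch starts counting again after a ban
    return bans

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = """\
[Sat Jun 01 11:00:00.000000 2024] [auth_basic:error] [pid 900] [client 203.0.113.7:40001] AH01617: user admin: authentication failure for "/admin": Password Mismatch
[Sat Jun 01 11:00:20.000000 2024] [auth_basic:error] [pid 900] [client 198.51.100.9:40002] AH01618: user bob not found: /admin
[Sat Jun 01 11:01:00.000000 2024] [auth_basic:error] [pid 900] [client 203.0.113.7:40003] AH01617: user admin: authentication failure for "/admin": Password Mismatch
[Sat Jun 01 11:02:00.000000 2024] [core:error] [pid 900] [client 203.0.113.7:40004] AH00037: Symbolic link not allowed: /var/www/x
[Sat Jun 01 11:03:00.000000 2024] [auth_basic:error] [pid 900] [client 203.0.113.7:40005] AH01617: user root: authentication failure for "/admin": Password Mismatch
[Sat Jun 01 11:20:00.000000 2024] [auth_basic:error] [pid 900] [client 198.51.100.9:40006] AH01618: user bob not found: /admin
[Sat Jun 01 11:40:00.000000 2024] [auth_basic:error] [pid 900] [client 198.51.100.9:40007] AH01618: user bob not found: /admin
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG):
        print(f"ban {ip} at {when:%H:%M:%S}")
```

With the values from the [apache] jail, only 203.0.113.7 is banned: the three failures from 198.51.100.9 are spread over 40 minutes, so they never fall inside one 600-second window.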
Credits: https://www.maketecheasier.com/fail2ban-protect-apache-ddos/