If fail2ban fails to ban:
https://dwaves.de/2017/07/27/centos7-replaced-firewall-iptables-with-firewalld-iptables-vs-nftables-benchmark-performance-comparison-scalability-when-facing-ddos-scenarios/
but also whole companies from Israel are offering tools to nuke off your webserver with “rented” DDoS attacks
```
vim /etc/fail2ban/jail.local; # add those lines:

[apache]
enabled  = true
port     = http,https
filter   = apache-auth
logpath  = /var/log/apache2/*error.log
maxretry = 3
findtime = 600

[apache-noscript]
enabled  = true
port     = http,https
filter   = apache-noscript
logpath  = /var/log/apache2/*error.log
maxretry = 3
findtime = 600

[apache-overflows]
enabled  = true
port     = http,https
filter   = apache-overflows
logpath  = /var/log/apache2/*error.log
maxretry = 2
findtime = 600

[apache-badbots]
enabled  = true
port     = http,https
filter   = apache-badbots
logpath  = /var/log/apache2/*error.log
maxretry = 2
findtime = 600

:wq # save and quit

# restart fail2ban
/etc/init.d/fail2ban restart
iptables -L
```
Send Reports via Mail
You might want fail2ban to report on filter actions, to see who is trying to DDoS or brute-force your box.
- [apache]: this jail is used to block failed login attempts.
- [apache-noscript]: this jail is used to block remote clients who are searching for scripts on the website to execute.
- [apache-overflows]: this jail is used to block clients who are attempting to request suspicious URLs.
- [apache-badbots]: this jail is used to block malicious bot requests.

Note: You can find the details of each rule described below.
- enabled: this option means Apache protection is on.
- port: this option specifies the services that fail2ban monitors.
- filter: this option refers to the config file located in the /etc/fail2ban/filter.d/ directory.
- logpath: this option specifies the location of the log file.
- bantime: this option specifies the number of seconds that a remote host will be blocked from the server.
- maxretry: this option specifies the number of failed login attempts before a remote host is blocked for the length of the ban time.
- ignoreip: this option allows you to whitelist certain IP addresses from blocking.
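
How maxretry, findtime and ignoreip interact, as an added example that is not from the original article or from fail2ban's own code: a sliding-window check over constructed Apache error-log lines. The regex is a simplified stand-in for the apache-auth filter, and `parse_failure`, `find_bans`, `_line` and the sample IP addresses are hypothetical names and values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for the apache-auth filter (assumption, not fail2ban's regex).
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[auth_basic:error\] \[pid \d+\] "
    r"\[client (?P<ip>[\d.]+):\d+\] .*authentication failure")

def parse_failure(line):
    """Return (timestamp, ip) for a failed-login line, else None."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y"), m["ip"]

def find_bans(lines, maxretry=3, findtime=600, ignoreip=()):
    """Return {ip: time of ban}; lines must be in chronological order."""
    recent, bans = defaultdict(deque), {}
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        ts, ip = hit
        if ip in ignoreip or ip in bans:  # whitelisted or already banned
            continue
        window = recent[ip]
        window.append(ts)
        # Forget failures that fall outside the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans

def _line(hms, ip):  # build one constructed Apache 2.4 error-log line
    return (f"[Thu Jul 27 {hms}.000000 2017] [auth_basic:error] [pid 1234] "
            f"[client {ip}:51234] AH01617: user admin: authentication failure "
            f'for "/admin": Password Mismatch')

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE_LOG = [_line(t, ip) for t, ip in [
    ("10:00:00", "198.51.100.7"), ("10:00:01", "203.0.113.5"),
    ("10:01:00", "192.0.2.10"), ("10:01:05", "192.0.2.10"),
    ("10:01:10", "192.0.2.10"), ("10:02:00", "203.0.113.5"),
    ("10:05:00", "203.0.113.5"), ("10:06:00", "198.51.100.7"),
    ("10:11:00", "198.51.100.7")]] + [
    "[Thu Jul 27 10:12:00.000000 2017] [mpm_prefork:notice] [pid 1] AH00163: Apache configured"]

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG, ignoreip={"192.0.2.10"}))
```

With the article's `maxretry = 3` and `findtime = 600`, only 203.0.113.5 is banned: 198.51.100.7 also fails three times, but spread over 660 seconds, so a slow attempt stays under the threshold unless findtime is raised.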
Credits: https://www.maketecheasier.com/fail2ban-protect-apache-ddos/