mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[INSTALLATION] Issue with fail2ban #465

Open killmasta93 opened 2 years ago

killmasta93 commented 2 years ago

Hi, I am currently trying to install the fail2ban addon. I got it working with nginxrepeatoffender but cannot seem to ban myself using nginx-limit-req.

I have added this part to my nginx.conf:


root@wordpress:~# cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    limit_req_zone $binary_remote_addr zone=lr_zone:10m rate=1r/s;

Then on my default I added this part:


    location / {
        include /etc/nginx/bots.d/ddos.conf;
        include /etc/nginx/bots.d/blockbots.conf;
        limit_req zone=lr_zone burst=1 nodelay;
        try_files $uri $uri/ /index.php?$args;
    }

I checked the fail2ban logs:

2022-02-27 19:03:35,470 fail2ban.jail           [19879]: INFO    Jail 'nginx-naxsi' started
2022-02-27 19:03:35,472 fail2ban.jail           [19879]: INFO    Jail 'nginxrepeatoffender' started
2022-02-27 19:03:35,475 fail2ban.jail           [19879]: INFO    Jail 'nginx-limit-req' started

Then I tried to brute force the wp-login, but it doesn't seem to show any logs. Not sure if I missed something.

Thank you

killmasta93 commented 2 years ago

I rebooted and now it's working:

2022-02-27 19:41:51,898 fail2ban.filter         [19879]: INFO    [nginx-limit-req] Found 192.168.3.254 - 2022-02-27 19:41:51
2022-02-27 19:41:51,901 fail2ban.filter         [19879]: INFO    [nginx-limit-req] Found 192.168.3.254 - 2022-02-27 19:41:51
2022-02-27 19:41:52,353 fail2ban.filter         [19879]: INFO    [nginx-limit-req] Found 192.168.3.254 - 2022-02-27 19:41:52
2022-02-27 19:41:52,374 fail2ban.actions        [19879]: NOTICE  [nginx-limit-req] Ban 192.168.3.254
2022-02-27 19:41:52,393 fail2ban.filter         [19879]: INFO    [nginx-limit-req] Found 192.168.3.254 - 2022-02-27 19:41:52
2022-02-27 19:41:52,488 fail2ban.filter         [19879]: INFO    [nginx-limit-req] Found 192.168.3.254 - 2022-02-27 19:41:52
2022-02-27 19:41:52,564 fail2ban.filter         [19879]: INFO    [nginx-limit-req] Found 192.168.3.254 - 2022-02-27 19:41:52
2022-02-27 19:41:52,594 fail2ban.filter         [19879]: INFO    [nginx-limit-req] Found 192.168.3.254 - 2022-02-27 19:41:52

killmasta93 commented 2 years ago

Hi again. So it seems that it's working, but it's constantly blocking when accessing the site:

2022/02/27 21:05:07 [error] 20221#0: *6174 limiting requests, excess: 1.762 by zone "lr_zone", client: 190.249.xx.xx, server: domain.com.com, request: "GET /wp-content/uploads/2021/04/Deep_Home.gif HTTP/1.1", host: "domain.com.com", referrer: "https://domain.com.com/"
2022/02/27 21:05:07 [error] 20222#0: *6173 limiting requests, excess: 1.761 by zone "lr_zone", client: 190.249.xx.xx, server: domain.com.com, request: "GET /wp-includes/js/wp-embed.min.js?ver=5.8.2 HTTP/1.1", host: "domain.com.com", referrer: "https://domain.com.com/"
2022/02/27 21:05:07 [error] 20222#0: *6165 limiting requests, excess: 1.757 by zone "lr_zone", client: 190.249.xx.xx, server: domain.com.com, request: "GET /wp-content/uploads/2021/04/LOADER.gif HTTP/1.1", host: "domain.com.com", referrer: "https://domain.com.com/"
2022/02/27 21:05:07 [error] 20221#0: *6171 limiting requests, excess: 1.754 by zone "lr_zone", client: 190.249.xx.xx, server: domain.com.com, request: "GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1", host: "domain.com.com", referrer: "https://domain.com.com/wp-content/cache/wpfc-minified/fh1fea9b/61h1o.css"
2022/02/27 21:05:07 [error] 20221#0: *6171 limiting requests, excess: 1.740 by zone "lr_zone", client: 190.249.xx.xx, server: domain.com.com, request: "GET /wp-includes/js/jquery/ui/core.min.js?ver=1.12.1 HTTP/1.1", host: "domain.com.com", referrer: "https://domain.com.com/"
2022/02/27 21:05:07 [error] 20222#0: *6165 limiting requests, excess: 1.737 by zone "lr_zone", client: 190.249.xx.xx, server: domain.com.com, request: "GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff HTTP/1.1", host: "domain.com.com", referrer: "https://domain.com.com/wp-content/cache/wpfc-minified/fh1fea9b/61h1o.css"
2022/02/27 21:05:07 [error] 20222#0: *6165 limiting requests, excess: 1.707 by zone "lr_zone", client: 190.249.xx.xx, server: domain.com.com, request: "GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.ttf HTTP/1.1", host: "domain.com.com", referrer: "https://domain.com.com/wp-content/cache/wpfc-minified/fh1fea9b/61h1o.css"
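
Why a single ordinary page view trips the jail, as an added example that is not part of the original thread: a simplified model of nginx's `limit_req` leaky bucket with `nodelay`, run over constructed arrival times chosen to reproduce the `excess` values in the error log above. The function names, the arrival times and `maxretry=3` are assumptions; the fail2ban jail settings are not shown on the page.

```python
# Added example: simplified model of nginx limit_req (nodelay) for ONE client key.
# Excess is kept in thousandths of a request, matching "excess: 1.762" in the log.

def simulate(arrivals_ms, rate_per_s=1, burst=1):
    """Return [(time_ms, excess_milli, rejected), ...] for sorted arrival times."""
    limit = burst * 1000
    excess, last = None, 0          # None: zone has no state for this client yet
    results = []
    for now in arrivals_ms:
        if excess is None:
            candidate = 0           # first request creates the entry with excess 0
        else:
            # Drain rate_per_s requests per second, then add this request.
            candidate = max(0, excess - rate_per_s * (now - last) + 1000)
        rejected = candidate > limit
        if not rejected:            # rejected requests do not update the bucket
            excess, last = candidate, now
        results.append((now, candidate, rejected))
    return results


def rejected_count(results):
    """Number of requests that would be logged as 'limiting requests'."""
    return sum(1 for _, _, rejected in results if rejected)


def would_ban(results, maxretry=3):
    """fail2ban-style threshold; maxretry=3 is an assumed jail setting."""
    return rejected_count(results) >= maxretry


# Constructed arrival times (ms): the page plus eight assets from one browser.
PAGE_LOAD_MS = [0, 0, 238, 239, 243, 246, 260, 263, 293]

if __name__ == "__main__":
    for burst in (1, 20):           # 20 is an illustrative value, not a recommendation
        res = simulate(PAGE_LOAD_MS, rate_per_s=1, burst=burst)
        print(f"burst={burst}: rejected={rejected_count(res)} ban={would_ban(res)}")
        for t, ex, rej in res:
            if rej:
                print(f"  t={t}ms limiting requests, excess: {ex / 1000:.3f}")
```

With `rate=1r/s` and `burst=1` on `location /`, every static asset of a page counts against the same bucket, so the model logs seven rejections for one page view and the assumed threshold is reached.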