Hi ..
Trying to stop long-term DDoS attempts .. I have Nginx Ultimate Bad Bot installed and testing with the given curls proves it is working. I have set up the jail and created the repeatoffender config files and the blank file in etc/fail2ban folder.
It does not seem to match the log lines in my nginx log file (Ubuntu 20.04) .. Any help would be appreciated. Jack
A few lines from the nginx log file from an offender spoofing AWS IPs.
54.208.151.19 - - [06/Mar/2022:18:59:07 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"
54.208.151.19 - - [06/Mar/2022:18:59:08 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"
54.208.151.19 - - [06/Mar/2022:18:59:10 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"
From fail2ban-regex output ..
Running tests
Use failregex line : ^ - \S+ [.] \"(GET|POST|HEAD) . \S+\" (...
Use single line : 54.208.151.19 - - [06/Mar/2022:18:59:33 +0000] ras...
Results
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1] Day(?P<_sep>[-/])MON(?P=_sep)ExYear[ :]?24hour:Minute:Second(?:.Microseconds)?(?: Zone offset)?
`-
Lines: 1 lines, 0 ignored, 0 matched, 1 missed [processed in 0.02 sec]
|- Missed line(s):
| 54.208.151.19 - - [06/Mar/2022:18:59:33 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"
`-
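
Added example, not part of the original post and not the blocker project's own filter: the log lines above carry the server name between the timestamp and the quoted request, and this Python script shows a pattern written for the default field order missing them while one that allows the extra field matches. Both patterns, the simplified `<HOST>` expansion and the helper names are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample input: the log lines quoted in the post, rebuilt from
# their timestamps. Note the server name sitting between "]" and the request.
TIMES = ["18:59:07", "18:59:08", "18:59:10", "18:59:33"]
LINES = [
    f'54.208.151.19 - - [06/Mar/2022:{t} +0000] rasaji.com '
    '"HEAD / HTTP/1.1" 444 0 "-" '
    '"got (https://github.com/sindresorhus/got)" "HTTP/1.1"'
    for t in TIMES
]

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption).
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'

# Hypothetical pattern for the default field order: the quoted request comes
# straight after the bracketed timestamp. \[[^\]]*\] also accepts an empty [].
COMBINED = r'^<HOST> - \S+ \[[^\]]*\] "(?:GET|POST|HEAD) \S+ \S+" 444 '

# Hypothetical variant that allows one extra field (the server name)
# between the timestamp and the quoted request.
WITH_VHOST = r'^<HOST> - \S+ \[[^\]]*\] \S+ "(?:GET|POST|HEAD) \S+ \S+" 444 '


def compile_failregex(pattern):
    """Expand the <HOST> tag and compile the pattern."""
    return re.compile(pattern.replace('<HOST>', HOST))


def scan(pattern, lines):
    """Return (hits per host, missed lines), like a fail2ban-regex summary."""
    rx = compile_failregex(pattern)
    hits, missed = Counter(), []
    for line in lines:
        m = rx.search(line)
        if m:
            hits[m.group('host')] += 1
        else:
            missed.append(line)
    return hits, missed


if __name__ == "__main__":
    for name, pat in (("combined", COMBINED), ("with vhost", WITH_VHOST)):
        hits, missed = scan(pat, LINES)
        print(f"{name}: {sum(hits.values())} matched, {len(missed)} missed")
```

The same comparison can be repeated with `fail2ban-regex` against the real log file once the filter's failregex accounts for every field in the nginx `log_format`.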