mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

Unable to get repeatoffender regex to match log output #466

Open steelliberty opened 2 years ago

steelliberty commented 2 years ago

Hi ..

Trying to stop long-term DDoS attempts .. I have Nginx Ultimate Bad Bot installed, and testing with the given curls proves it is working. I have set up the jail and created the repeatoffender config files and the blank file in etc/fail2ban folder.

It does not seem to match the log lines in my nginx log file (Ubuntu 20.04) .. Any help would be appreciated. Jack

A few lines from the nginx log file from an offender spoofing AWS IPs.

54.208.151.19 - - [06/Mar/2022:18:59:07 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"
54.208.151.19 - - [06/Mar/2022:18:59:08 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"
54.208.151.19 - - [06/Mar/2022:18:59:10 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"

From fail2ban-regex output ..

Running tests

Use failregex line : ^ - \S+ [.] \"(GET|POST|HEAD) . \S+\" (...
Use single line : 54.208.151.19 - - [06/Mar/2022:18:59:33 +0000] ras...

Results

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [1] Day(?P<_sep>[-/])MON(?P=_sep)ExYear[ :]?24hour:Minute:Second(?:.Microseconds)?(?: Zone offset)?
`-

Lines: 1 lines, 0 ignored, 0 matched, 1 missed [processed in 0.02 sec]

|- Missed line(s):
|  54.208.151.19 - - [06/Mar/2022:18:59:33 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"
`-
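An added diagnostic sketch, not part of the original post or the project's own filter: it runs plain Python `re` (not fail2ban itself) over the posted log line to show how the extra `rasaji.com` field between the timestamp and the request defeats a pattern that expects the request to follow the timestamp directly. The `ORIGINAL` pattern is an assumed reconstruction of the truncated failregex above (its `444` tail and the simplified `HOST` group are assumptions), and `ADAPTED` is a hypothetical variant.

```python
import re

# Log line copied from the issue: custom log_format with a vhost field
# ("rasaji.com") between the timestamp and the quoted request.
SAMPLE = ('54.208.151.19 - - [06/Mar/2022:18:59:07 +0000] rasaji.com '
          '"HEAD / HTTP/1.1" 444 0 "-" '
          '"got (https://github.com/sindresorhus/got)" "HTTP/1.1"')

# Constructed line in the stock "combined" layout (no vhost field), for comparison.
COMBINED = ('54.208.151.19 - - [06/Mar/2022:18:59:07 +0000] '
            '"HEAD / HTTP/1.1" 444 0 "-" '
            '"got (https://github.com/sindresorhus/got)"')

# Simplified stand-in for fail2ban's <HOST> tag (assumption).
HOST = r'(?P<host>\S+)'

# Assumed reconstruction of the truncated failregex from the output above;
# the page cuts the pattern off at "(...", so the "444" tail is an assumption.
ORIGINAL = re.compile(
    r'^' + HOST + r' - \S+ \[.*\] "(GET|POST|HEAD) .* \S+" 444 ')

# Hypothetical variant: allow one optional extra token (the vhost)
# between the timestamp and the quoted request.
ADAPTED = re.compile(
    r'^' + HOST + r' - \S+ \[.*\] (?:\S+ )?"(GET|POST|HEAD) .* \S+" 444 ')


def banned_host(pattern, line):
    """Return the captured client address if the pattern matches, else None."""
    m = pattern.search(line)
    return m.group('host') if m else None


if __name__ == '__main__':
    for name, pattern in (('original', ORIGINAL), ('adapted', ADAPTED)):
        for label, line in (('combined', COMBINED), ('with vhost', SAMPLE)):
            print(f'{name:8} vs {label:10}: {banned_host(pattern, line)}')
```

Any pattern changed this way should be re-checked with `fail2ban-regex` against the real log before the jail relies on it.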