How to get rid of all those HTTP bots with fail2ban
Do you want to get rid of all these annoying requests for myphpadmin and the like on your
Apache web server?
Here is how I do it:
- I scan all the *access.log files of all my Apache instances on all my virtual Linux vserver guests
  in one fail2ban instance on the host.
- I use the access.log because I have rewrite rules that ban and forbid some things with 403
  without making an entry in the error.log.
- I also have a dummy Apache NameVirtualHost on each IP address that gets the requests for invalid
  hostnames, or from bots that query by IP address only without a hostname.
  Of course these dummy servers don't generate error.logs.
- So I want to ban all 404 or 403 requests that match some well-known words in the request URL, like "myadmin"
  or "setup.php", case-insensitively of course.
- I want to ban only automated bots and scripts, including the very slow ones that send only one request every few hours.
/etc/fail2ban/filter.d/apache-antibot.conf
/etc/fail2ban/jail.conf
[apache-antibot-webserver-xx]
enabled = true
filter = apache-antibot
port = http,https
logpath = /var/lib/vservers/webserver-xx/var/log/apache2/*access.log
# try to target only automated bots
maxretry = 10
# also find slow bots that try to hide in the log files (432000 s = 5 days)
findtime = 432000
# keep them away for a long time once found (864000 s = 10 days)
bantime = 864000
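
The matching and thresholds described above, as an added Python example (not the author's filter and not fail2ban's own code): it counts 403/404 requests whose URL contains one of the two words the page names and reports hosts that reach maxretry hits within findtime. The combined log format, the function names and the sample log lines are assumptions made for this illustration, and the sliding window is a simplified model of fail2ban's counting.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed word list: only the two words the page names.
KEYWORD_RE = re.compile(r"myadmin|setup\.php", re.IGNORECASE)
# Apache common/combined format. Only the request URL is captured, so a
# keyword in the Referer or User-Agent field never counts as a hit.
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<url>\S+)[^"]*" (?P<status>\d{3}) ')

def failure(line):
    """Return (host, epoch_seconds) for a 403/404 keyword hit, else None."""
    m = LINE_RE.match(line)
    if (not m or m["status"] not in ("403", "404")
            or not KEYWORD_RE.search(m["url"])):
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["host"], ts.timestamp()

def banned_hosts(lines, maxretry=10, findtime=432000):
    """Hosts that reach maxretry hits inside a sliding findtime window."""
    recent, banned = defaultdict(deque), set()
    for line in lines:
        if (hit := failure(line)) is None:
            continue
        host, t = hit
        window = recent[host]
        window.append(t)
        while t - window[0] > findtime:   # drop hits older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned.add(host)
    return banned

def sample_lines():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    def mk(ip, hours, url, status, referer="-"):
        ts = datetime(2024, 1, 1, tzinfo=timezone.utc) + timedelta(hours=hours)
        return '%s - - [%s] "GET %s HTTP/1.1" %d 199 "%s" "-"' % (
            ip, ts.strftime("%d/%b/%Y:%H:%M:%S %z"), url, status, referer)
    lines = [mk("203.0.113.7", 6 * i, "/phpMyAdmin/scripts/setup.php", 404)
             for i in range(10)]                 # slow bot: one hit every 6 h
    lines += [mk("192.0.2.9", i, "/MyAdmin/", 403) for i in range(9)]  # 9 < 10
    lines.append(mk("198.51.100.20", 1, "/old", 404, "http://example.org/myadmin"))
    lines.append(mk("198.51.100.20", 2, "/favicon.ico", 404))
    return lines

if __name__ == "__main__":
    print(banned_hosts(sample_lines()))
```

With the jail's five-day findtime the constructed slow bot is caught; calling `banned_hosts(sample_lines(), findtime=600)` shows that a ten-minute window misses it.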