Also another thing that I do, is set the default website to an empty website. This caches all bots going to the server
ip address instead of a url.
I set up a 307 redirect to a page on my main website, and even that page counts
as a strike against them.
Bots usually don't follow the redirect, and they get banned after a couple
attempts of anything.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
-------- Original Message --------
*Subject: * Re: [Fail2ban-users] which jail to enable for crawlers looking for
CMS vulnerabilities
*From: * Wayne Sallee <wa...@waynesallee.com>
*To: * Fail2ban-users <fail2ban-users@lists.sourceforge.net>
*CC: *
*Date: * 2019-8-17 09:13 AM
You should create a custom jail like the following:
#******
cat > /etc/fail2ban/filter.d/custom-web-filter.conf << "EOF"
[Init]
badbots = BanMePlease|phpMyAdmin|base64_decode
[Definition]
failregex = (:80|:443) <HOST> .*(?:<badbots>)
ignoreregex =
EOF
#*******
Wayne Sallee
wa...@waynesallee.com
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
