Hi,
I have a working fail2ban configuration which not only blocks IPs but also
announces them to the AbuseIPDB. This is working fine for sshd and
postfix-sasl, but not for apache-badbots (and resulting from that I would
assume apache-overflow isn't working too). That's what I have:
In /etc/fail2ban/jail.d/defaults-debian.conf it is enable in same way like all
the other rules:
[apache-badbots]
enabled = true
# Ban IP and report to AbuseIPDB
action = %(action_)s
%(action_abuseipdb)s[abuseipdb_apikey="<mykeyhere>",
abuseipdb_category="19"]
In /etc/fail2ban/filter.d/apache-badbots.conf the unwanted bots are configured:
[Definition]
badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music
spider|MJ12bot|DataForSeoBot|cyberscan.io|dataforseo|SemrushBot
badbots = <loads of predefined bots here>
failregex = ^<HOST>
-.*"(GET|POST|HEAD).*HTTP.*".*(?:%(badbots)s|%(badbotscustom)s).*"$
ignoreregex =
But none of these bots are ever detected/blocked/announced. This is true for
both, bots that have an referrer, and bots that can be identified via the
client string only.
Any idea what could be wrong here?
Thanks!
Mike
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
