Hi,
I have a working fail2ban configuration which not only blocks IPs but also announces them to the AbuseIPDB. This is working fine for sshd and postfix-sasl, but not for apache-badbots (and, as a result, I would assume apache-overflow isn't working either). That's what I have:
In /etc/fail2ban/jail.d/defaults-debian.conf it is enabled in the same way as all the other rules:
[apache-badbots]
enabled = true
# Ban IP and report to AbuseIPDB
action = ""> %(action_abuseipdb)s[abuseipdb_apikey="<mykeyhere>", abuseipdb_category="19"]
In /etc/fail2ban/filter.d/apache-badbots.conf the unwanted bots are configured:
[Definition]
badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider|MJ12bot|DataForSeoBot|cyberscan.io|dataforseo|SemrushBot
badbots = <loads of predefined bots here>
failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*".*(?:%(badbots)s|%(badbotscustom)s).*"$
ignoreregex =
But none of these bots are ever detected/blocked/announced. This is true for both bots that have a referrer and bots that can be identified via the client string only. Even when I remove the AbuseIPDB stuff and try to apply the badbots rule only to block the related IPs, nothing happens. So bad bots are not blocked at all.
Any idea what could be wrong here?
Thanks!
Mike
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
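An added example, not part of the original message and not fail2ban's own code: a way to check offline which access-log line shapes the posted failregex accepts, using the expression and `badbotscustom` list exactly as quoted above. Assumptions: the `<HOST>` tag is replaced by a simplified IPv4-only pattern, the elided `badbots` list is a placeholder, and all log lines are constructed samples.

```python
import re

# Assumption: simplified stand-in for fail2ban's <HOST> tag (IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex and badbotscustom as posted; the predefined badbots list is not
# shown on the page, so a placeholder that matches no sample line stands in.
FAILREGEX = r'^<HOST> -.*"(GET|POST|HEAD).*HTTP.*".*(?:%(badbots)s|%(badbotscustom)s).*"$'
BOTS = {
    "badbots": "PLACEHOLDER_PREDEFINED_BOT",
    "badbotscustom": r"EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider"
                     r"|MJ12bot|DataForSeoBot|cyberscan.io|dataforseo|SemrushBot",
}

# Constructed access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    # combined format, bot name in the User-Agent
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)"',
    # combined format, bot name only in the referrer
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /page HTTP/1.1" 200 1024 '
    '"http://seo.example/SemrushBot" "Mozilla/5.0 (X11; Linux x86_64)"',
    # combined format, ordinary browser
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 2048 '
    '"-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/121.0"',
    # same bot as line 1, but a virtual-host field precedes the client address
    'www.example.org:443 192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET / HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)"',
]

def compile_failregex():
    """Interpolate the %(name)s options and the <HOST> tag into one pattern."""
    return re.compile((FAILREGEX % BOTS).replace("<HOST>", HOST))

def matched_hosts(lines):
    """Return the client address of every line the failregex accepts."""
    regex = compile_failregex()
    return [m.group("host") for m in map(regex.search, lines) if m]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        verdict = "MATCH" if matched_hosts([line]) else "miss "
        print(verdict, line[:60])
```

Against a live system, the `fail2ban-regex` tool shipped with fail2ban runs the real filter file over the real log file and reports how many lines matched.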