Thread Perl and Fail2Ban (15 answers)
Opened by Gast at 2021-07-20 13:34

GwenDragon
 2021-07-20 15:42
#193435
My idea (untested) is this:

1. Write the IP to a log file badip.log
Block 54.174.123.144

2. Add a filter in Fail2ban

Filter blockip.conf
Code:
# Fail2Ban filter for block of IPs

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#

# log file:
# Block 54.174.123.144
#
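# Anchored: with a greedy ".*" in front, <HOST> would match only the
# last characters of the address.
failregex = ^Block\s+<HOST>\s*$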

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#

ignoreregex =


3. Use a jail that bans immediately and permanently.

Section in jail.local (needs adjusting!):
Code:
[blockip]
maxretry = 1
bantime = -1
enabled = true
filter = blockip
action = iptables-multiport[name=blockip, port="http,https"]
logpath = /var/www/vhosts/example.com/logs/badip.log

Last edited: 2021-07-20 16:59:00 +0200 (CEST)
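
Step 1 is the only part of the idea above without code, and it is the point where untrusted input reaches Fail2ban: whatever ends up after "Block" in badip.log gets banned. The Perl below is an added example, not code from the thread; the helper names valid_ip and block_ip are hypothetical, and the default path is the logpath from the jail section.

```perl
#!/usr/bin/perl
# Added example: append "Block <ip>" lines for the blockip filter above.
# valid_ip() and block_ip() are hypothetical helper names.
use strict;
use warnings;
use Fcntl qw(:flock);
use Socket qw(inet_pton AF_INET AF_INET6);

# Default path copied from the jail.local logpath; adjust to your vhost.
my $LOG = '/var/www/vhosts/example.com/logs/badip.log';

# Return the address if it is a plain IPv4/IPv6 literal, otherwise nothing.
# \A...\z plus inet_pton rejects newlines, spaces and hostnames, so
# untrusted input cannot smuggle a second "Block ..." line into the log.
sub valid_ip {
    my ($ip) = @_;
    return unless defined $ip && $ip =~ /\A[0-9A-Fa-f:.]{2,45}\z/;
    return $ip if defined inet_pton(AF_INET,  $ip);
    return $ip if defined inet_pton(AF_INET6, $ip);
    return;
}

# Append one line under an exclusive lock so that parallel processes
# cannot interleave their writes. Returns 1 if written, 0 if rejected.
sub block_ip {
    my ($ip, $log) = @_;
    my $clean = valid_ip($ip);
    return 0 unless defined $clean;
    open(my $fh, '>>', $log)     or die "cannot open $log: $!";
    flock($fh, LOCK_EX)          or die "cannot lock $log: $!";
    print {$fh} "Block $clean\n" or die "cannot write $log: $!";
    close($fh)                   or die "cannot close $log: $!";
    return 1;
}

# Constructed sample input: the address from the post, a value with an
# embedded newline, and a hostname. Only the first one is written.
my $target = $ARGV[0] // $LOG;
for my $candidate ('54.174.123.144', "192.0.2.1\nBlock 198.51.100.7", 'example.com') {
    (my $shown = $candidate) =~ s/\n/\\n/g;
    printf "%-8s %s\n", block_ip($candidate, $target) ? 'written' : 'rejected', $shown;
}
```

Pass a scratch file path as the first argument to try it without touching the real log.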
