From 02180d6746b912bfb9fb1f345f4b0d23ae1c7a9c Mon Sep 17 00:00:00 2001 From: Mitchell Krog Date: Wed, 11 Jan 2017 15:28:58 +0200 Subject: [PATCH] Fail2Ban Filter Regex Modified --- Fail2Ban/README.md | 8 ++++---- Fail2Ban/action.d/nginxrepeatoffender.conf | 8 ++++---- Fail2Ban/filter.d/nginxrepeatoffender.conf | 10 +++++----- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/Fail2Ban/README.md b/Fail2Ban/README.md index 8fc4e3ef8..f27cf11d8 100644 --- a/Fail2Ban/README.md +++ b/Fail2Ban/README.md @@ -1,13 +1,13 @@ # Fail2Ban Blacklist for Repeat Offenders of Nginx (action.d) ### Author: Mitchell Krog -### Version: 1.0 +### Version: 1.1 # Add on for Nginx Ultimate Bad Bot blocker GitHub: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker -##### Tested On: Fail2Ban 0.91 +##### Tested On: Fail2Ban 0.9.3 ##### Server: Ubuntu 16.04 ##### Firewall: IPTables @@ -28,9 +28,9 @@ Only works with IPTables The Recidive Jail from Fail2Ban This custom filter and action for Fail2Ban will monitor your Nginx logs and perma-ban -any IP address that has generated far too many 444 errors over a 1 week period +any IP address that has generated far too many 444 or 403 errors over a 1 week period and ban them for 1 day. This works like a charm as an add-on for my Nginx Bad -Bot Blocker which takes care of generating the 444 errors based on the extensive +Bot Blocker which takes care of generating the 444 or 403 errors based on the extensive list of Bad Referers, Bots, Scrapers and IP addresses that it covers. This provides short block periods of one day which is enough to keep agressive bots from filling up your log files. See - https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker for more info on the Nginx Bad Bot Blocker diff --git a/Fail2Ban/action.d/nginxrepeatoffender.conf b/Fail2Ban/action.d/nginxrepeatoffender.conf index 28ae14085..fed9d0879 100644 --- a/Fail2Ban/action.d/nginxrepeatoffender.conf 
+++ b/Fail2Ban/action.d/nginxrepeatoffender.conf @@ -2,12 +2,12 @@ # Fail2Ban Blacklist for Repeat Offenders of Nginx (action.d) # # Author: Mitchell Krog -# Version: 1.0 +# Version: 1.1 # # Add on for Nginx Ultimate Bad Bot blocker # GitHub: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker # -# Tested On: Fail2Ban 0.91 +# Tested On: Fail2Ban 0.9.3 # Server: Ubuntu 16.04 # Firewall: IPTables # @@ -21,9 +21,9 @@ # # Based on: The Recidive Jail from Fail2Ban # This custom filter and action will monitor your Nginx logs and perma-ban -# any IP address that has generated far too many 444 errors over a 1 week period +# any IP address that has generated far too many 444 or 403 errors over a 1 week period # and ban them for 1 day. This works like a charm as an add-on for my Nginx Bad -# Bot Blocker which takes care of generating the 444 errors based on the extensive +# Bot Blocker which takes care of generating the 444 or 403 errors based on the extensive # list of Bad Referers, Bots, Scrapers and IP addresses it covers. # See - https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker for more info # diff --git a/Fail2Ban/filter.d/nginxrepeatoffender.conf b/Fail2Ban/filter.d/nginxrepeatoffender.conf index 0277d5044..3598a7170 100644 --- a/Fail2Ban/filter.d/nginxrepeatoffender.conf +++ b/Fail2Ban/filter.d/nginxrepeatoffender.conf @@ -2,12 +2,12 @@ # Fail2Ban Blacklist for Repeat Offenders of Nginx (filter.d) # # Author: Mitchell Krog -# Version: 1.0 +# Version: 1.1 # # Add on for Nginx Ultimate Bad Bot blocker # GitHub: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker # -# Tested On: Fail2Ban 0.91 +# Tested On: Fail2Ban 0.9.3 # Server: Ubuntu 16.04 # Firewall: IPTables # 
@@ -21,9 +21,9 @@ # # Based on: The Recidive Jail from Fail2Ban # This custom filter and action will monitor your Nginx logs and perma-ban -# any IP address that has generated far too many 444 errors over a 1 week period +# any IP address that has generated far too many 444 or 403 errors over a 1 week period # and ban them for 1 day. This works like a charm as an add-on for my Nginx Bad -# Bot Blocker which takes care of generating the 444 errors based on the extensive +# Bot Blocker which takes care of generating the 444 or 403 errors based on the extensive # list of Bad Referers, Bots, Scrapers and IP addresses it covers. # See - https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker for more info # @@ -51,7 +51,7 @@ _daemon = fail2ban\.actions\s* # jail using this filter 'nginxrepeatoffender', or change this line! _jailname = nginxrepeatoffender -failregex = ^ -.*GET.*444\s0 +failregex = ^ \- \S+ \[\] \"(GET|POST|HEAD) \/ \S+\" (?:403|444) .+$ ignoreregex = [Init]
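Review bot: The request part of the new failregex, `\"(GET|POST|HEAD) \/ \S+\"`, requires a space directly after the slash, so as written it only matches requests for the root path (`GET / HTTP/1.1`); a client collecting 403/444 responses on any other URL is never counted towards the ban. If the intent is what the header comment states (any IP generating too many 444 or 403 responses), match the path generically, e.g. `\"(?:GET|POST|HEAD) \S+ \S+\" (?:403|444) .+$`. The line as rendered here also shows no `<HOST>` tag after `^`; if that is not just lost in page extraction, fail2ban has no address group to ban on. The `\[\]` presumably relies on fail2ban removing the matched timestamp before the regex is applied, which deserves a comment above the line such as `# \[\] = empty brackets left once the date has been stripped - confirm with fail2ban-regex`. Since 403 is also returned to ordinary visitors by unrelated deny rules, it is worth checking with `fail2ban-regex` against a real access log that the jail's threshold does not ban legitimate clients.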