From f1400dd087fbba3d69f6cb853d4aaff0b1d95e38 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sun, 3 Aug 2025 01:12:45 +0200
Subject: [PATCH] Add 'README.apache-formspam' and 'README.webpath-abuse'.
---
README.apache-formspam | 50 ++++++++++++++++++++++++++++++++++++++++++
README.webpath-abuse | 44 +++++++++++++++++++++++++++++++++++++
2 files changed, 94 insertions(+)
create mode 100644 README.apache-formspam
create mode 100644 README.webpath-abuse
diff --git a/README.apache-formspam b/README.apache-formspam
new file mode 100644
index 0000000..539e6b6
--- /dev/null
+++ b/README.apache-formspam
@@ -0,0 +1,50 @@
+# ---
+# README..apache-formspam
+# ---
+
+# Es sollen bestimmte POST requests abgesichert werden.
+#
+# abzusichernde Formularseiten:
+#
+# /suche/
+# /profile/register.php
+# /profile/forgotPassword.php
+# /abo-service/kuendigung.php
+#
+
+
+# Filterdatei /etc/fail2ban/filter.d/apache-formspam.conf
+#
+cat <<'EOF' > /etc/fail2ban/filter.d/apache-formspam.conf
+[Definition]
+failregex = ^ - .* "POST (/suche/|/profile/register\.php|/profile/forgotPassword\.php|/abo-service/kuendigung\.php) HTTP/.*"
+ignoreregex =
+EOF
+
+
+# Jail-Konfiguration: /etc/fail2ban/jail.d/apache-formspam.conf
+#
+cat <<'EOF' > /etc/fail2ban/jail.d/apache-formspam.conf
+[apache-formspam]
+enabled = true
+filter = apache-formspam
+logpath = /var/log/apache2/nd-aktuell-access.log
+maxretry = 100
+findtime = 600
+bantime = 1800
+EOF
+
+
+# Filter testen
+#
+fail2ban-regex /var/log/apache2/nd-aktuell-access.log /etc/fail2ban/filter.d/apache-formspam.conf
+
+
+# fail2ban neu laden
+#
+systemctl restart fail2ban
+
+
+# Status prüfen:
+#
+fail2ban-client status apache-formspam
diff --git a/README.webpath-abuse b/README.webpath-abuse
new file mode 100644
index 0000000..17f119f
--- /dev/null
+++ b/README.webpath-abuse
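Review bot: The `failregex` written to filter.d/apache-formspam.conf, shown here as `^ - .* "POST (...) HTTP/.*"`, carries no `<HOST>` tag, and fail2ban cannot tell which address to ban without one. Unless the tag was simply lost when the patch was rendered, the line should start `failregex = ^<HOST> - .* "POST ...`. The same applies to the `failregex` in README.webpath-abuse, which would start `^<HOST> .*(GET|POST) ...`. The jail counts every POST to these forms regardless of outcome, so `maxretry = 100` within `findtime = 600` acts as a per-address rate limit; a short comment saying so, and noting that clients behind a shared proxy or NAT share one counter, would help whoever tunes it later. The header comment also reads `README..apache-formspam` with a doubled dot.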
@@ -0,0 +1,44 @@
+# ---
+# README.webpath-abuse
+# ---
+
+
+# Filterdatei /etc/fail2ban/filter.d/apache-formspam.conf
+#
+cat <<'EOF' > /etc/fail2ban/filter.d/webpath-abuse.conf
+[Definition]
+failregex = ^ .*(GET|POST) (/cgi-bin/.*|/graphql/.*|/alfacgiapi/.*|/xmlrpc\.php|/wp-admin/.*|/wp-content/plugins/.*|/wp-includes/.*|/makeasmtp\.php) HTTP.*
+ignoreregex =
+EOF
+
+
+# Jail-Konfiguration: /etc/fail2ban/jail.d/apache-formspam.conf
+#
+cat <<'EOF' > /etc/fail2ban/jail.d/webpath-abuse.conf
+[apache-formspam]
+[webpath-abuse]
+enabled = true
+port = http,https
+filter = webpath-abuse
+logpath = /var/log/apache2/ip_requests.log
+maxretry = 4
+findtime = 3600
+bantime = 3600
+
+#backend = auto
+EOF
+
+
+# Filter testen
+#
+fail2ban-regex /var/log/apache2/nd-aktuell-access.log /etc/fail2ban/filter.d/webpath-abuse.conf
+
+
+# fail2ban neu laden
+#
+systemctl restart fail2ban
+
+
+# Status prüfen:
+#
+fail2ban-client status webpath-abuse.conf
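Review bot: The jail heredoc opens with two section headers, `[apache-formspam]` directly followed by `[webpath-abuse]`, so jail.d/webpath-abuse.conf re-declares the other jail's section; the first header looks like a copy-paste leftover and should be dropped so that nothing pasted under it later changes the form-spam jail. The last command passes a file name where fail2ban-client expects the jail name, so it should read `fail2ban-client status webpath-abuse`. The filter test runs against `/var/log/apache2/nd-aktuell-access.log` while the jail reads `/var/log/apache2/ip_requests.log`; running `fail2ban-regex` against the jail's own `logpath` confirms the regex matches the log format it will actually see. The two comment lines that name `apache-formspam.conf` should name `webpath-abuse.conf`. If that log quotes the request line, starting the method group at the opening quote (`"(GET|POST) `) would keep the leading `.*` from matching the same text inside a referer or user-agent field.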