Add 'README.apache-formspam' and 'README.webpath-abuse'.

2025-08-03 01:12:45 +02:00
parent dc048a6d88
commit f1400dd087
2 changed files with 94 additions and 0 deletions
--- a/README.webpath-abuse
+++ b/README.webpath-abuse
@ -0,0 +1,44 @@
+# ---
+# README.webpath-abuse
+# ---
+
+
+# Filterdatei /etc/fail2ban/filter.d/apache-formspam.conf
+#
+cat <<'EOF' > /etc/fail2ban/filter.d/webpath-abuse.conf
+[Definition]
+failregex = ^<HOST> .*(GET|POST) (/cgi-bin/.*|/graphql/.*|/alfacgiapi/.*|/xmlrpc\.php|/wp-admin/.*|/wp-content/plugins/.*|/wp-includes/.*|/makeasmtp\.php) HTTP.*
+ignoreregex =
+EOF
+
+
+# Jail-Konfiguration: /etc/fail2ban/jail.d/apache-formspam.conf
+#
+cat <<'EOF' > /etc/fail2ban/jail.d/webpath-abuse.conf
+[apache-formspam]
+[webpath-abuse]
+enabled = true
+port    = http,https
+filter  = webpath-abuse
+logpath = /var/log/apache2/ip_requests.log
+maxretry = 4
+findtime = 3600
+bantime = 3600
+
+#backend = auto
+EOF
+
+
+# Filter testen
+#
+fail2ban-regex /var/log/apache2/nd-aktuell-access.log /etc/fail2ban/filter.d/webpath-abuse.conf
+
+
+# fail2ban neu laden
+#
+systemctl restart fail2ban
+
+
+# Status prüfen:
+#
+fail2ban-client status webpath-abuse.conf