Add 'README.apache-formspam' and 'README.webpath-abuse'.
This commit is contained in:
50
README.apache-formspam
Normal file
50
README.apache-formspam
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
# ---
|
||||||
|
# README..apache-formspam
|
||||||
|
# ---
|
||||||
|
|
||||||
|
# Es sollen bestimmte POST requests abgesichert werden.
|
||||||
|
#
|
||||||
|
# abzusichernde Formularseiten:
|
||||||
|
#
|
||||||
|
# /suche/
|
||||||
|
# /profile/register.php
|
||||||
|
# /profile/forgotPassword.php
|
||||||
|
# /abo-service/kuendigung.php
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
# Filterdatei /etc/fail2ban/filter.d/apache-formspam.conf
|
||||||
|
#
|
||||||
|
cat <<'EOF' > /etc/fail2ban/filter.d/apache-formspam.conf
|
||||||
|
[Definition]
|
||||||
|
failregex = ^<HOST> - .* "POST (/suche/|/profile/register\.php|/profile/forgotPassword\.php|/abo-service/kuendigung\.php) HTTP/.*"
|
||||||
|
ignoreregex =
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
# Jail-Konfiguration: /etc/fail2ban/jail.d/apache-formspam.conf
|
||||||
|
#
|
||||||
|
cat <<'EOF' > /etc/fail2ban/jail.d/apache-formspam.conf
|
||||||
|
[apache-formspam]
|
||||||
|
enabled = true
|
||||||
|
filter = apache-formspam
|
||||||
|
logpath = /var/log/apache2/nd-aktuell-access.log
|
||||||
|
maxretry = 100
|
||||||
|
findtime = 600
|
||||||
|
bantime = 1800
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
# Filter testen
|
||||||
|
#
|
||||||
|
fail2ban-regex /var/log/apache2/nd-aktuell-access.log /etc/fail2ban/filter.d/apache-formspam.conf
|
||||||
|
|
||||||
|
|
||||||
|
# fail2ban neu laden
|
||||||
|
#
|
||||||
|
systemctl restart fail2ban
|
||||||
|
|
||||||
|
|
||||||
|
# Status prüfen:
|
||||||
|
#
|
||||||
|
fail2ban-client status apache-formspam
|
||||||
44
README.webpath-abuse
Normal file
44
README.webpath-abuse
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
# ---
|
||||||
|
# README.webpath-abuse
|
||||||
|
# ---
|
||||||
|
|
||||||
|
|
||||||
|
# Filterdatei /etc/fail2ban/filter.d/apache-formspam.conf
|
||||||
|
#
|
||||||
|
cat <<'EOF' > /etc/fail2ban/filter.d/webpath-abuse.conf
|
||||||
|
[Definition]
|
||||||
|
failregex = ^<HOST> .*(GET|POST) (/cgi-bin/.*|/graphql/.*|/alfacgiapi/.*|/xmlrpc\.php|/wp-admin/.*|/wp-content/plugins/.*|/wp-includes/.*|/makeasmtp\.php) HTTP.*
|
||||||
|
ignoreregex =
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
# Jail-Konfiguration: /etc/fail2ban/jail.d/apache-formspam.conf
|
||||||
|
#
|
||||||
|
cat <<'EOF' > /etc/fail2ban/jail.d/webpath-abuse.conf
|
||||||
|
[apache-formspam]
|
||||||
|
[webpath-abuse]
|
||||||
|
enabled = true
|
||||||
|
port = http,https
|
||||||
|
filter = webpath-abuse
|
||||||
|
logpath = /var/log/apache2/ip_requests.log
|
||||||
|
maxretry = 4
|
||||||
|
findtime = 3600
|
||||||
|
bantime = 3600
|
||||||
|
|
||||||
|
#backend = auto
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
# Filter testen
|
||||||
|
#
|
||||||
|
fail2ban-regex /var/log/apache2/nd-aktuell-access.log /etc/fail2ban/filter.d/webpath-abuse.conf
|
||||||
|
|
||||||
|
|
||||||
|
# fail2ban neu laden
|
||||||
|
#
|
||||||
|
systemctl restart fail2ban
|
||||||
|
|
||||||
|
|
||||||
|
# Status prüfen:
|
||||||
|
#
|
||||||
|
fail2ban-client status webpath-abuse.conf
|
||||||
Reference in New Issue
Block a user