44 lines
884 B
Plaintext
44 lines
884 B
Plaintext
# ---
|
|
# README.webpath-abuse
|
|
# ---
|
|
|
|
|
|
# Filterdatei /etc/fail2ban/filter.d/apache-formspam.conf
|
|
#
|
|
cat <<'EOF' > /etc/fail2ban/filter.d/webpath-abuse.conf
|
|
[Definition]
|
|
failregex = ^<HOST> .*(GET|POST) (/cgi-bin/.*|/graphql/.*|/alfacgiapi/.*|/xmlrpc\.php|/wp-admin/.*|/wp-content/plugins/.*|/wp-includes/.*|/makeasmtp\.php) HTTP.*
|
|
ignoreregex =
|
|
EOF
|
|
|
|
|
|
# Jail-Konfiguration: /etc/fail2ban/jail.d/apache-formspam.conf
|
|
#
|
|
cat <<'EOF' > /etc/fail2ban/jail.d/webpath-abuse.conf
|
|
[webpath-abuse]
|
|
enabled = true
|
|
port = http,https
|
|
filter = webpath-abuse
|
|
logpath = /var/log/apache2/ip_requests.log
|
|
maxretry = 4
|
|
findtime = 3600
|
|
bantime = 3600
|
|
|
|
#backend = auto
|
|
EOF
|
|
|
|
|
|
# Filter testen
|
|
#
|
|
fail2ban-regex /var/log/apache2/nd-aktuell-access.log /etc/fail2ban/filter.d/webpath-abuse.conf
|
|
|
|
|
|
# fail2ban neu laden
|
|
#
|
|
systemctl restart fail2ban
|
|
|
|
|
|
# Status prüfen:
|
|
#
|
|
fail2ban-client status webpath-abuse.conf
|