Comments (11)
Try using this in jail.local:
backend = auto
I see you are using pynotify? Did you change that for a reason?
from nginx-ultimate-bad-bot-blocker.
Here's my very stripped down jail.local
# Local Jail.conf File
[INCLUDES]
before = paths-debian.conf
[DEFAULT]
ignoreip = 127.0.0.1/8
ignorecommand =
bantime = 600
findtime = 600
maxretry = 6
backend = auto
usedns = yes
logencoding = auto
enabled = false
filter = %(__name__)s
destemail = [email protected]
sender = [email protected]
sendername = Fail2Ban
mta = mail
protocol = tcp
chain = INPUT
port = 0:65535
banaction = iptables-multiport
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", sender="%(sender)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", sender="%(sender)s", logpath=%(logpath)s, chain="%(chain)s"]
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"]
action_badips = badips.py[category="%(name)s", banaction="%(banaction)s"]
action_mybadips = badips[category="badbots", key="5c7dda713d5defa1994af8b3ee6270e8561566a5"]
action = %(action_mwl)s
# JAILS
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.*
maxretry = 6
[ssh-ddos]
enabled = true
port = ssh
filter = sshd-ddos
logpath = /var/log/auth.*
maxretry = 6
[nginx-http-auth]
enabled = true
port = http,https
filter = nginx-http-auth
logpath = %(nginx_access_log)s
maxretry = 3
[nginx-botsearch]
enabled = true
port = http,https
filter = nginx-botsearch
logpath = %(nginx_access_log)s
maxretry = 6
[nginx-noscript]
enabled = false
port = http,https
filter = nginx-noscript
logpath = %(nginx_access_log)s
maxretry = 6
[nginx-nohome]
enabled = true
port = http,https
filter = nginx-nohome
logpath = %(nginx_access_log)s
maxretry = 6
[nginx-limit-req]
enabled = true
port = http,https
filter = nginx-limit-req
logpath = %(nginx_error_log)s
maxretry = 1
[recidive]
enabled = false
logpath = /var/log/fail2ban.*
banaction = iptables-allports
action = %(action_mwl)s
bantime = 31536000 ; 1 year
findtime = 31536000 ; 1 year
maxretry = 10
[nginxrepeatoffender]
enabled = true
logpath = %(nginx_access_log)s
filter = nginxrepeatoffender
banaction = nginxrepeatoffender
bantime = 86400 ; 1 day
findtime = 604800 ; 1 week
maxretry = 20
from nginx-ultimate-bad-bot-blocker.
I used to have backend = auto set on my default jail already, but I even tried to include it in every jail, and I still get this annoying message telling me that I'm using pynotify.
I also tried using your settings the way they are, I just removed nginx-noscript and nginx-nohome, because I don't have these filters. But I still get told that I'm using pynotify. I didn't touch my jail.conf. Is there any other place I can tell fail2ban to keep backend to auto?
from nginx-ultimate-bad-bot-blocker.
Are you sure you have enough 403 or 444 errors to make it block someone?
Try
grep '444' /var/log/nginx/mysite.com.error.log
grep '403' /var/log/nginx/mysite.com.error.log
and see how many occurrences there are.
from nginx-ultimate-bad-bot-blocker.
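The grep check suggested above only gives a total per status code, while a jail bans per IP once `maxretry` hits fall inside `findtime`. The following added example (not part of the thread or of the project's code) counts 403/444 responses per client IP in a sliding window, using the `maxretry = 20` and `findtime = 604800` values from the `nginxrepeatoffender` jail as defaults. It assumes nginx's "combined" log format and only approximates fail2ban's counting; the sample lines are constructed.

```python
import re
import sys
from collections import defaultdict, deque
from datetime import datetime

# Assumption: nginx "combined" log format; adapt the pattern to a custom log_format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = """\
203.0.113.7 - - [10/Mar/2024:10:00:00 +0000] "GET / HTTP/1.1" 444 0 "-" "SampleBot/1.0"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "GET /a HTTP/1.1" 444 0 "-" "SampleBot/1.0"
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "GET /b HTTP/1.1" 403 153 "-" "SampleBot/1.0"
198.51.100.9 - - [10/Mar/2024:10:00:10 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:10:01:10 +0000] "GET /x HTTP/1.1" 444 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:12:00:00 +0000] "GET /c HTTP/1.1" 444 0 "-" "SampleBot/1.0"
"""

def offenders(lines, statuses=("403", "444"), maxretry=20, findtime=604800):
    """Return {ip: peak hit count} for IPs with >= maxretry hits inside findtime seconds."""
    windows = defaultdict(deque)  # ip -> timestamps of hits still inside the window
    peak = defaultdict(int)       # ip -> largest window size seen so far
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("status") not in statuses:
            continue
        try:
            ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        ip = m.group("ip")
        win = windows[ip]
        win.append(ts)
        while ts - win[0] > findtime:  # drop hits older than the window
            win.popleft()
        peak[ip] = max(peak[ip], len(win))
    return {ip: n for ip, n in peak.items() if n >= maxretry}

if __name__ == "__main__":
    # With a path argument, read that access log; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            result = offenders(fh)
    else:
        result = offenders(SAMPLE.splitlines(), maxretry=3, findtime=600)
    for ip, n in sorted(result.items()):
        print(f"{ip}\t{n}")
```

If this reports offenders for the access log but the jail never bans, the jail's `logpath` or filter pattern is the next thing to check; `fail2ban-regex` tests a filter against a log file directly.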
My logs just rotated recently, but I usually get tons of 444 requests from Seznam, DotBot and Ahrefs in a week, and those requests show up in mysite.com.access.log, and not in mysite.com.error.log, which is empty.
I've been experiencing this issue for two weeks or so, and since then I have never had a repeat offender banned, nor figured out what's going on.
My ssh and ssh-ddos jails are also using pynotify, but they are working. I can't imagine why the heck Fail2ban keeps picking up pynotify.
from nginx-ultimate-bad-bot-blocker.
Oh, it's also worth mentioning that back in the day I used to lower the maxretries to something like 2, to test if it would work without waiting for 20 444 requests.
from nginx-ultimate-bad-bot-blocker.
Ohh, that's a good one. How can I reflect your settings? Also, which backend do your jails pick up? I'm not forcing pynotify, it happens that it's being randomly picked up when my backend is set to auto.
Thank you once again!
from nginx-ultimate-bad-bot-blocker.
Thank you so much, bro!
:-)
from nginx-ultimate-bad-bot-blocker.
Edit the following 2 files and replace with these contents.
nano /etc/logrotate.d/fail2ban

/var/log/fail2ban.log {
    missingok
    notifempty
    monthly
    rotate 13
    create 640 root adm
    postrotate
        /usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 2> /dev/null || true
    endscript
}

nano /etc/logrotate.d/nginx

/var/log/nginx/*.log {
    monthly
    missingok
    rotate 13
    notifempty
    create 0640 www-data adm
    sharedscripts
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
            run-parts /etc/logrotate.d/httpd-prerotate; \
        fi \
    endscript
    postrotate
        invoke-rc.d nginx rotate >/dev/null 2>&1
    endscript
}
from nginx-ultimate-bad-bot-blocker.