Tag Archives: fail2ban

Apache+fail2ban+apache-badbots

How to stop bots (see earlier post for definition)? Take care to pair up correctly Apache logs and apropriate fail2ban function! In my case apache-badbots is paired up with all access type Apache logs (this does include also SquirrelMail access … Continue reading

Posted in Linux | Tagged , , | Comments Off on Apache+fail2ban+apache-badbots

fail2ban + pop3 + imap

How to register unsuccesful log in on SquirrelMail webmail : In file /etc/fail2ban/jail.conf we add the following : [imap-login] enabled = true filter = imap-login action = iptables-multiport[name=BadBots, port=”http,https,pop3,pop3s,imap,imaps”, protocol=tcp”] sendmail-buffered[name=BadBots, lines=5, dest=admin-postmaster@moj.domen] logpath = /var/log/messages maxretry = 3 We … Continue reading

Posted in Linux | Tagged , , | Comments Off on fail2ban + pop3 + imap

fail2ban and Apache

There are a few fail2ban filters for Apache, and it is very important which filter is listening to which log. Filters are : * apache-tcpwrapper : Under CentOS / RedHat Enterprise Linux, httpd (Apache) is not compiled with tcpwrappers support. … Continue reading

Posted in Linux | Tagged , | Comments Off on fail2ban and Apache

fail2ban

What is it for : Fail2ban scans log files such as /var/log/security or /var/log/apache/error_log, and forbids IP addressses which make the most number of failed log attempts (go over the set number of failed logs). It adds firewall rules to … Continue reading

Posted in Linux | Tagged | Comments Off on fail2ban