This one came up as a result of the DoS attack last week when a site I administer was hit repeatedly for page downloads at the rate of 2 or 3 a second for a couple of hours. The same …
Tag Archives: fail2ban
Preventing Site Cloning and DoS with Fail2Ban
Fail2Ban behind an Amazon Load Balancer
When using F2B on servers that sit behind Amazon ELBs (and probably load balancers of other types), the client IP in the error log is usually that of the load balancer. Banning the load balancer from access is probably not …
Using Fail2Ban to protect WordPress
I posted some previous ideas on this that were okay, but they turned out to be less-than-ideal solutions. They work, but one of the blogs I watch over is a bit busy, and having Fail2Ban watching the Apache access.log was …
Protecting WordPress from script fishing attacks with Fail2Ban (more…)
A better, but slightly more complex, solution has been posted here A previous post here suggested using a blanket ban on all 404s recorded in the access.log, but this isn’t working quite as well as expected. Mainly due to the …
Protecting WordPress from script fishing attacks with Fail2Ban
A better, but slightly more complex, solution has been posted here Because WordPress redirects all incoming requests and serves dedicated 404 pages, nothing ends up in the Apache error.log. and so, The standard Fail2Ban filter apache-noscript.conf won’t work. So here’s …
Fail2Ban with sendEmail Python MTA and SMTP
The servers I administer are on Amazon cloud, and there are often problems with outgoing emails and sendmail, so for a quick fix to add outgoing email support to scripts, I’m okay with using sendEmail, a small Python SMTP email …
Fail2Ban Error – Iptables returned 200
This relates to seeing things like this in /var/log/fail2ban.log when restarting the fail2ban service: 2011-12-21 23:06:03,471 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport –dports http,https -j fail2ban-apache-wordpress-login iptables -F fail2ban-apache-wordpress-login iptables -X fail2ban-apache-wordpress-login returned 200 The very simple …
Protecting Apache webservers from WordPress admin login dictionary attacks with fail2ban
A better solution has been posted here but I’ll leave this post up too. A very popular webserver I administer has been getting more attention from the script kiddies, and the Apache access log has been filling up with repeated …
Recent Comments