From: sebastian <seb...@de...> - 2009-01-19 16:47:50
Hello,

does anybody use fail2ban to fight against 40x errors?

I think a botnet calls some URL of my server (=40x errors) and then a new IP comes and produces 40x errors and so on....

I want to set up a rule:

if an IP address hits, for example, 10 40x errors in 1 minute, I think it is a bad bot and it should be blocked for 1 hour

does anybody use this rule at this time, and how did you create this rule?

tnx
sebastian
From: Cyril J. <cyr...@fa...> - 2009-01-21 22:51:49
Hi sebastian,

> does anybody use fail2ban to fight against 40x errors?
>
> I think a botnet calls some URL of my server (=40x errors) and then a
> new IP comes and produces 40x errors and so on....
>
> I want to set up a rule:
>
> if an IP address hits, for example, 10 40x errors in 1 minute, I think it is
> a bad bot and it should be blocked for 1 hour
>
> does anybody use this rule at this time, and how did you create this rule?
>

Maybe you should have a look at apache-badbots.conf:

http://fail2ban.svn.sourceforge.net/viewvc/fail2ban/branches/FAIL2BAN-0_8/config/filter.d/apache-badbots.conf?revision=668

Regards,
Cyril
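The rule asked about in this thread (10 responses with a 40x status from one address within 1 minute, blocked for 1 hour) maps onto fail2ban's `maxretry`, `findtime` and `bantime` settings. The following is an added example, not part of the original thread or of the fail2ban distribution; the filter and jail name `apache-40x`, the file locations, the log path and the Apache common/combined access log format are assumptions.

```ini
# --- /etc/fail2ban/filter.d/apache-40x.conf (hypothetical file name) ---
[Definition]

# Match an access log line whose status field is 400-409.
# Assumed log format (Apache common/combined):
#   host ident user [timestamp] "request line" status bytes ...
#
# The pattern is anchored at the start of the line and <HOST> is the first
# field, so text a client places in the request line cannot make fail2ban
# pick up a different address. The request field accepts backslash-escaped
# quotes, so the status is always read from the field after the closing
# quote. "\[[^\]]*\]" accepts the timestamp field both with its content and
# empty, since some fail2ban versions cut the date out before matching.
failregex = ^<HOST> \S+ \S+ \[[^\]]*\] "(?:[^"\\]|\\.)*" 40\d\s

# Nothing is excluded by pattern; trusted addresses belong in ignoreip below.
ignoreregex =


# --- /etc/fail2ban/jail.local (assumed location for local jail settings) ---
[apache-40x]
enabled  = true
filter   = apache-40x
port     = http,https

# Assumed path; point this at the access log (not the error log) of the
# virtual hosts to be protected.
logpath  = /var/log/apache2/access.log

# 10 matching lines from the same address ...
maxretry = 10
# ... within 60 seconds ...
findtime = 60
# ... ban that address for 3600 seconds (1 hour).
bantime  = 3600

# Addresses that are never banned: monitoring hosts, your own proxy, office
# NAT. Many users behind one NAT address can reach 10 errors per minute
# together (missing favicon, stale links), so list such networks here.
ignoreip = 127.0.0.1

# No action is set, so the jail uses the default ban action from [DEFAULT].
```

Before enabling the jail, the filter can be checked against the real log with `fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/apache-40x.conf`, which reports how many lines the `failregex` matches.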