On Saturday 09 November 2019 15:07:51 mick crane wrote:

> On 2019-11-09 18:01, Gene Heskett wrote:
> > On Saturday 09 November 2019 08:59:14 Michael wrote:
> >> > Rather than to use fail2ban for this, I would create an ipset
> >> > that fail2ban can populate then use that ipset in iptables.
> >>
> >> i agree, but:
> >> > One advantage of this is that you can add/delete ip from the
> >> > ipset without having to restart fail2ban/iptables.
> >>
> >> RTFM
> >>
> >> fail2ban allows you to 'unban' an ip address as well:
> >> > man fail2ban-client
> >>
> >> set <JAIL> unbanip <IP>
> >> manually Unban <IP> in <JAIL>
> >
> > What's this "jail"? The beginners tut seems to assume we've all had
> > cs101 thru cs401 and Just Know all the secret handshakes bs already.
> > Sorry, I've been hiding behind dd-wrt for about 2 decades and never
> > had to worry about it before.
> >
> > Besides that the jail.d subdir of the install is empty. No
> > jail.example file to give one an inkling of what it's supposed to be
> > like. There's zero tutorial value in that. I was able, with the help
> > of another responder to carve up some iptables rules to stop the
> > DDOS that semrush, yandex, bingbot, and 2 or 3 others were bound to
> > do to me.
> >
> > Understand I have no objections to those folks indexing my site so
> > their search engines can find stuff, but to just repeatedly download
> > the whole thing, copying it forever, reaching into nooks and crannies
> > I don't even link to, using all my upload bandwidth for weeks at a
> > time, will bring me to battle stations. And we both will suffer
> > because of their poor behavior.
> >
> >> greetings...
> >
> > Cheers, Gene Heskett
>
> I like Gene, he is trying to make something work.

Something I have been extraordinarily good at in the electronics field
since quitting school early in my freshman year to go fix tv's for a
living in '48. 100% self educated, I have taught more school than I have
attended as a student since. I know the physics behind the electronics
and can be a decent mechanic, my interests are best described as
eclectic. Finishing my working time out as the CE at a tv station here
in WV, 18 years occasionally behind an office door, but 98% of the time
fixing what news could tear up, or keeping an old GE transmitter making
a better pix than it did new. For lots longer at a time too.

> When all this stuff started there seemed to be some sort of logic to
> it and I can't say I understood much of it but the thing seems to be
> now that there seems to be layers and layers of obscurity which makes
> it trickier to figure out what is going on.
> mick

To help clarify that, fail2ban has been stopped and the battle is now
being waged with iptables only. And I have about got the bots locked
out.

I just shut down someone pulling a linuxcnc stretch based install .iso
because I know for a fact that my copy is now old, they should be
getting that from wiki.linuxcnc.org to get a link to the latest. So I
just nuked that and 2 or 3 other instances of outdated stuff. No sense
spreading old code.

Does that clarify things any?

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>