On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote:
> What's this "jail"? The beginners tut seems to assume we've all had cs101
> thru cs401 and Just Know all the secret handshakes bs already.
no idea what you're talking about... i almost never read any tutorial, just
man pages. that's what i think they're here for (although i have to admit
the quality varies a lot!).
so, a jail is just a name for a set of blocking rules, filters and actions.
- the rule (a file in /etc/fail2ban/jail.d/, e.g. genes-apache.conf)
describes what should be blocked, why, and for how long.
- the filter (located in /etc/fail2ban/filter.d/) describes (with a python
regular expression) which log file entry triggers the rule to act upon. in
your case it could be something somebody described here in another post
with the semrush bot. or just anything you desire.
- actions are defined in /etc/fail2ban/action.d/, and, well, they define
what should happen if a rule is to be executed. one might say, the
triggering ip address goes into jail.
sorry, if you already know that, but i felt like you didn't quite.
> Sorry,
> I've been hiding behind dd-wrt for about 2 decades and never had to
> worry about it before.
nothing to be ashamed about. in fact, quite the opposite! i use an openwrt
router, too. so...
> Besides that the jail.d subdir of the install is empty.
hm, after installing fail2ban i had a 'defaults-debian.conf' in jail.d,
which enables the jail for sshd.
> No jail.example
> file to give one an inkling of what it's supposed to be like.
RTFM!
man jail.conf
and /etc/fail2ban/jail.conf is a perfectly valid example of many jails.
> There's zero tutorial value in that.
i'm old school, so sorry for me repeating: RTFM!
> I was able, with the help of another
> responder to carve up some iptables rules to stop the DDOS that semrush,
> yandex, bingbot, and 2 or 3 others were bound to do to me.
using iptables directly is fine, because you get your results fast, but it
lacks some advantages over fail2ban, which i think outweigh the simplicity
of iptables:
- with iptables you have to scan your log regularly for misbehaving or
unwanted clients, whereas fail2ban does this automatically, constantly (!),
and based on rules. from time to time these rules have to be adapted, since
bots are evolving, but i think it's still less trouble than looking at log
files every day or so.
- fail2ban allows you to block only specific ports, in your case maybe 80
and/or 443 for the web server.
- you have to remember which ip address you blocked, why and for how long
you want to block them. fail2ban does that for you.
- ... (too lazy right now to write more)
greetings...
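As an added example (not code from this thread or from fail2ban itself), here is a constructed jail.d rule and filter.d filter of the shape described above, plus a small Python stand-in that applies the filter's regex and the rule's maxretry/findtime to constructed Apache log lines the way a jail does, so you can see which address would "go into jail". The file names, the SemrushBot regex and the log lines are assumptions, and the `<HOST>` expansion is simplified compared to fail2ban's real one.

```python
import configparser
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed rule, the shape /etc/fail2ban/jail.d/genes-apache.conf could take.
JAIL = """[genes-apache]
port     = http,https
filter   = genes-apache
maxretry = 3
findtime = 600
bantime  = 86400
"""
# Constructed filter for /etc/fail2ban/filter.d/genes-apache.conf; <HOST> is fail2ban's client-address placeholder.
FILTER = """[Definition]
failregex = ^<HOST> .* "[^"]*" \\d+ \\d+ "[^"]*" "[^"]*SemrushBot[^"]*"$
"""
HOST_RE = r"(?P<host>[0-9a-fA-F.:]+)"  # simplified stand-in for fail2ban's <HOST> expansion
DATE_RE = re.compile(r"\[([^\]]+)\]")  # the [dd/Mon/yyyy:HH:MM:SS +zzzz] field of a combined log line

def offenders(lines, jail=JAIL, filt=FILTER):
    """Hosts that match failregex at least maxretry times inside a findtime window,
    i.e. the addresses the jail would hand to its ban action."""
    cp = configparser.ConfigParser()
    cp.read_string(jail + filt)  # both files are plain INI, sections do not clash
    j = cp["genes-apache"]
    maxretry, findtime = j.getint("maxretry"), timedelta(seconds=j.getint("findtime"))
    failregex = re.compile(cp["Definition"]["failregex"].replace("<HOST>", HOST_RE))
    hits = defaultdict(list)
    for line in lines:
        m = failregex.search(line)
        if m:  # lines that do not match (ordinary browsers) are simply ignored
            ts = datetime.strptime(DATE_RE.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")
            hits[m.group("host")].append(ts)
    banned = set()
    for host, times in hits.items():
        times.sort()  # any maxretry consecutive hits spanning <= findtime trigger the ban
        if any(times[i + maxretry - 1] - times[i] <= findtime
               for i in range(len(times) - maxretry + 1)):
            banned.add(host)
    return banned

# Constructed access-log lines (not real traffic): 203.0.113.5 hits three times in two
# minutes, 198.51.100.7 three times spread over hours, 192.0.2.9 is a plain browser.
BOT = '"-" "Mozilla/5.0 (compatible; SemrushBot/6~bl)"'
SAMPLE = [f'{h} - - [09/Nov/2019:{t} +0100] "GET / HTTP/1.1" 200 512 {ua}' for h, t, ua in [
    ("203.0.113.5", "19:01:00", BOT), ("203.0.113.5", "19:02:10", BOT), ("203.0.113.5", "19:03:20", BOT),
    ("198.51.100.7", "19:01:00", BOT), ("198.51.100.7", "20:30:00", BOT), ("198.51.100.7", "21:30:00", BOT),
    ("192.0.2.9", "19:01:00", '"-" "Mozilla/5.0 Firefox/70.0"')]]
```

Running `offenders(SAMPLE)` yields only 203.0.113.5: the slow crawler never reaches maxretry inside findtime, and the browser never matches the filter at all.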