apache-fakegooglebot uses an ignore command in jail.conf as follows:

[apache-fakegooglebot]

port     = http,https
logpath  = %(apache_access_log)s
maxretry = 1
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>

This does seem to work; however, in my logs this is what I see:

2015-06-24 04:41:39,255 fail2ban.action         [3210]: ERROR /etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 97.74.198.34 -- stdout: b''
2015-06-24 04:41:39,288 fail2ban.action         [3210]: ERROR /etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 97.74.198.34 -- stderr: b''
2015-06-24 04:41:39,419 fail2ban.action         [3210]: ERROR /etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 97.74.198.34 -- returned 1
2015-06-24 04:41:40,205 fail2ban.action         [3210]: ERROR /etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 98.27.207.80 -- stdout: b''
2015-06-24 04:41:40,221 fail2ban.action         [3210]: ERROR /etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 98.27.207.80 -- stderr: b''
2015-06-24 04:41:40,360 fail2ban.action         [3210]: ERROR /etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 98.27.207.80 -- returned 1

... about 4 minutes later...

2015-06-24 04:45:37,398 fail2ban.actions        [3210]: NOTICE [apache-fakegooglebot] Ban 97.74.198.34
2015-06-24 04:45:38,681 fail2ban.actions        [3210]: NOTICE [apache-fakegooglebot] Ban 98.27.207.80

It appears that fail2ban sees the return code from the ignorecommand as an
error, whereas it is correctly using this return code to know whether to
ban this hit or not.  Initially I thought this might be a Python 2 vs 3
difference; now I'm not sure.

Secondly, why does it take about 4 minutes before the actual ban happens?
I also don't see any FOUND line for these events.

It seems to be working, I just am trying to understand what's going on.
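
Added example (not part of the original post and not fail2ban's own code): a small Python parser that rejoins folded fail2ban.log lines like those above, pairs each ignorecommand result with a later Ban line for the same IP, and reports the gap between them. The sample log is constructed, and reading exit status 0 as "ignore this IP" and non-zero as "do not ignore" is the assumption the code makes.

```python
import re
from datetime import datetime

# Constructed sample (documentation IPs), folded the way e-mail wraps long log lines.
SAMPLE = """\
2015-06-24 04:41:39,255 fail2ban.action         [3210]: ERROR
/etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 192.0.2.10 --
stdout: b''
2015-06-24 04:41:39,419 fail2ban.action         [3210]: ERROR
/etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 192.0.2.10 --
returned 1
2015-06-24 04:41:40,360 fail2ban.action         [3210]: ERROR
/etc/fail2ban/filter.d/ignorecommands/apache-fakegooglebot 198.51.100.7 --
returned 1
2015-06-24 04:45:37,398 fail2ban.actions        [3210]: NOTICE
 [apache-fakegooglebot] Ban 192.0.2.10
"""

STAMP = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (.*)$")
RETURNED = re.compile(r"ignorecommands/(\S+) (\S+) -- returned (-?\d+)")
BAN = re.compile(r"\[([^\]]+)\] Ban (\S+)")

def records(text):
    """Rejoin folded lines: a record starts at a timestamp, other lines continue it."""
    out = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            out.append([when, m.group(2)])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()
    return out

def correlate(text):
    """Per IP: ignorecommand exit status, verdict, seconds until a Ban line (or None)."""
    seen = {}
    for when, msg in records(text):
        if m := RETURNED.search(msg):
            status = int(m.group(3))
            # Assumed semantics: exit 0 = ignore this IP, anything else = do not ignore.
            seen[m.group(2)] = {"checked": when, "exit": status,
                                "ignored": status == 0, "ban_delay": None}
        elif (m := BAN.search(msg)) and m.group(2) in seen:
            entry = seen[m.group(2)]
            entry["ban_delay"] = (when - entry["checked"]).total_seconds()
    return seen

if __name__ == "__main__":
    for ip, entry in correlate(SAMPLE).items():
        print(ip, entry["exit"], entry["ignored"], entry["ban_delay"])
```

An IP whose Ban line has not appeared in the excerpt is reported with a delay of `None` rather than being dropped.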