Hi, On my Ubuntu 10.04 64 bit server, I found that there was a filter bad_bot inside fail2ban filter directory. However, there is no command line about this inside the jail.local file. Does anyone know how to use this bad_bot filter? This filter should have relationship with China bad/malicious search engines. We should watch out for this.
Hey! I have found the answer by myself! [apache-badbots] enabled = true port = http,https filter = apache-badbots logpath = /var/log/apache*/*access.log maxretry = 2 http://edin.no-ip.com/blog/hswong3i/filter-spam-or-bad-robot-visit-your-apache-fail2ban
2 more useful fail2ban filters for http access: [apache-nohome] enabled = true port = http,https filter = apache-nohome logpath = /var/log/apache*/*error.log maxretry = 2 [php-url-fopen] enabled = true port = http,https filter = php-url-fopen logpath = /var/log/apache*/*access.log maxretry = 1
