fail2ban

Discussion in 'ISPConfig 3 Priority Support' started by chief, Nov 8, 2024 at 4:24 PM.

  1. chief

    chief Member HowtoForge Supporter

    Hey,
    Debian 12, ispconfig 3.2.12p1, multiserver setup
    off a fresh install, do i add to
    Code:
    /etc/fail2ban/jail.local
    the following to enable ssh blocking
    Code:
    [sshd]
    enabled = true
    port = 22
    filter = sshd
    logpath = /var/log/auth.log
    # Allow 3 failed attempts
    maxretry = 3
    # Ban time in seconds (2 weeks = 1209600 seconds)
    bantime = 1209600
    findtime = 600
    also, i have been having this type of attack
    Code:
    83.239.111.100 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/129.0.6668.90 Mobile/15E148 Safari/604.1"
    104.28.156.216 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3390 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
    152.32.64.43 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 14; VOG-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.119 Mobile Safari/537.36 OPR/83.1.2254.73239"
    129.158.206.153 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1"
    94.251.9.94 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/129.0.6668.90 Mobile/15E148 Safari/604.1"
    42.200.126.208 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/129.0.6668.90 Mobile/15E148 Safari/604.1"
    112.247.150.189 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0"
    190.131.242.70 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
    38.188.112.190 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
    38.10.180.42 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3362 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/127.0.6533.119 Mobile/15E148 Safari/604.1"
    45.181.12.10 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
    103.163.80.70 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/129.0.6668.90 Mobile/15E148 Safari/604.1"
    124.90.35.242 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/128.0.2739.55 Version/18.0 Mobile/15E148 Safari/604.1"
    49.147.137.87 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
    45.161.32.90 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
    103.173.72.3 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/129.0.6668.90 Mobile/15E148 Safari/604.1"
    45.161.32.90 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
    103.166.10.117 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/127.0.6533.89 Mobile/15E148 Safari/604.1"
    149.18.51.37 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/128.0.2739.55 Version/18.0 Mobile/15E148 Safari/604.1"
    112.247.150.189 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0"
    200.111.232.94 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/127.0.6533.119 Mobile/15E148 Safari/604.1"
    58.69.63.220 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/127.0.6533.89 Mobile/15E148 Safari/604.1"
    8.242.178.28 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.36 Mobile/15E148 Safari/604.1"
    167.99.39.82 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0"
    91.219.239.166 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3362 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/129.0.6668.90 Mobile/15E148 Safari/604.1"
    5.252.118.247 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/131.0 Mobile/15E148 Safari/605.1.15"
    167.99.39.82 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.113 Mobile/15E148 Safari/604.1"
    47.122.0.169 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Mobile Safari/537.36 EdgA/129.0.0.0"
    45.65.224.74 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
    149.34.210.56 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0"
    38.255.86.4 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 14; VOG-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.113 Mobile Safari/537.36 OPR/84.6.4452.81734"
    144.76.138.207 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3362 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/129.0.2792.79 Version/18.0 Mobile/15E148 Safari/604.1"
    168.205.102.26 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/127.0.6533.89 Mobile/15E148 Safari/604.1"
    169.197.141.84 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.85 Mobile/15E148 Safari/604.1"
    179.49.236.2 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.85 Mobile/15E148 Safari/604.1"
    36.76.105.222 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1"
    37.44.238.2 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Mobile Safari/537.36"
    70.39.111.243 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
    188.170.99.250 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.85 Mobile/15E148 Safari/604.1"
    78.108.182.64 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
    70.39.111.241 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.85 Mobile/15E148 Safari/604.1"
    141.11.216.117 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 12; VOG-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.119 Mobile Safari/537.36 OPR/83.1.2254.73239"
    42.112.21.233 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/129.0.6668.90 Mobile/15E148 Safari/604.1"
    154.70.80.41 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
    103.78.201.242 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/129.0.6668.90 Mobile/15E148 Safari/604.1"
    222.59.175.174 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Mobile Safari/537.36"
    212.41.28.179 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36"
    200.110.173.17 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
    218.95.39.18 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Mobile Safari/537.36"
    182.253.193.154 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.2) Gecko/20100101 Firefox/130.2"
    101.255.167.174 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/127.0.6533.119 Mobile/15E148 Safari/604.1"
    27.112.66.98 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/129.0.6668.90 Mobile/15E148 Safari/604.1"
    38.9.141.63 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/128.0.6613.36 Mobile/15E148 Safari/604.1"
    45.83.131.41 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
    103.154.139.122 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/129.0.6668.90 Mobile/15E148 Safari/604.1"
    103.147.247.184 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/129.0.6668.90 Mobile/15E148 Safari/604.1"
    103.14.92.199 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Mobile Safari/537.36"
    103.148.24.134 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36"
    103.163.111.56 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Mobile Safari/537.36"
    203.14.18.146 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/128.0.2739.54 Version/17.0 Mobile/15E148 Safari/604.1"
    203.190.46.131 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
    103.154.77.110 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0"
    154.12.60.245 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/128.0.2739.55 Version/17.0 Mobile/15E148 Safari/604.1"
    46.150.22.9 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Mobile Safari/537.36"
    154.12.60.245 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/128.0.2739.55 Version/17.0 Mobile/15E148 Safari/604.1"
    154.12.60.245 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/128.0.2739.55 Version/17.0 Mobile/15E148 Safari/604.1"
    103.189.96.196 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0"
    172.233.25.232 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
    200.71.111.32 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0"
    120.3.228.73 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3362 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Mobile Safari/537.36"
    152.70.100.52 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
    95.213.215.150 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
    37.113.234.14 - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/127.0.6533.119 Mobile/15E148 Safari/604.1"
    
    this is a small snippet, can i protect against this? and there are only 2 sites on that server at the moment
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    SSH banning is active by default in Fail2ban, so you do not have to add it to jail.local. But you can use jail.local, of course, to override the default settings. The log you posted is not about SSH; it's a web server log, so it's unrelated to SSH banning in fail2ban.

    What you see in the log can be a DoS or DDoS attack, or it can be just a lot of normal traffic, e.g. when your site got featured in social media. If you want to filter out such traffic, then a good option is to use Cloudflare, which is free of charge for the basic functions and DDoS protection.
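
An added example, not part of the original posts: a small triage script for a web server log shaped like the one in the question. It reports the busiest second and how many requests come from addresses that would reach a per-address limit; the sample lines are constructed (documentation address ranges), and reusing the jail's `maxretry` for plain HTTP requests is an assumption of this example.

```python
import re
from collections import Counter

# Combined log format prefix: client address, identity, user, [timestamp], "request", status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

# Constructed sample (documentation address ranges), shaped like the posted log:
# 40 clients with one request each and one client with three, all in one second.
_BURST = [f"192.0.2.{n}" for n in range(1, 41)] + ["198.51.100.7"] * 3
SAMPLE = [
    f'{ip} - - [08/Nov/2024:14:54:18 +0000] "GET / HTTP/1.1" 200 3363 "-" "Mozilla/5.0"'
    for ip in _BURST
] + [
    '203.0.113.9 - - [08/Nov/2024:14:54:19 +0000] "GET /about HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    "truncated line without the expected fields",
]


def analyse(lines, maxretry=3):
    """Report the busiest second and how much traffic a per-address limit covers.

    maxretry is applied the way a fail2ban jail counts: per source address.
    Using it for plain HTTP requests is an assumption made for this example,
    and findtime is ignored because the sample spans only two seconds.
    """
    per_second, per_ip, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # malformed entry: count it, never guess its fields
            continue
        per_ip[m.group(1)] += 1
        per_second[m.group(2)] += 1
    busiest, peak = per_second.most_common(1)[0] if per_second else (None, 0)
    over = sorted(ip for ip, n in per_ip.items() if n >= maxretry)
    return {
        "busiest_second": busiest,
        "peak_requests_per_second": peak,
        "distinct_addresses": len(per_ip),
        "addresses_reaching_maxretry": over,
        "requests_from_those_addresses": sum(per_ip[ip] for ip in over),
        "total_requests": sum(per_ip.values()),
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, a per-address limit covers 3 of 44 requests, so when many addresses each send one or two requests, per-address banning leaves most of the burst untouched.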
     
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    My signature has a link to a Fail2ban tutorial, if you want to pursue setting it up to suit your needs.
    But like @till wrote, on Debian 12 Fail2ban by default detects and bans failed SSH login attempts.
     
