Hi, a few days ago I noticed my internet connection was very slow and my home server with ISPConfig was pretty loaded, so I started to check the logs and review the /server-status apache page and realized that I was under some kind of DDoS attack. I realized that because in the logs of a client site (other_vhosts_access.log) I had lots of entries pointing to a joomla! installation trying to access the joomla! home dir and the /administrator folder (here is where you access admin backend in joomla!).

Is there a way to stop this using fail2ban? I'm a bit confused if fail2ban will work because the attack seems to be originated from several different IPs.

Thanks in advance!

Environment:
Fail2Ban version: 0.9.3-1
OS: Ubuntu 16.04 LTS
ISPConfig: 3.1b1

Relevant lines from log file (excerpt):

Hi @till! Thanks for the suggestion, but I thought that it would be better to use fail2ban because it is promoted and enforced in the perfect server tutorials. Any hints on using fail2ban to repel this attack?

Fail2ban is not an anti ddos tool while mod_evasive is an anti ddos module for apache, so you compare apples with pies here.

You can try to use fail2ban of course, but I'm using it to protect my SSH access most of the time. I can suggest you create a .htaccess and block that directory from outside for now. Other than that you can use Apache mod_evasive.
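
An added example, not part of any post in this thread: a small Python check that applies per-IP counting in the style of a fail2ban jail (`maxretry` matches within `findtime` seconds) to requests under /administrator. It assumes the Apache `vhost_combined` layout for other_vhosts_access.log; the log lines, addresses and the `offenders` helper are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Apache "vhost_combined" layout of other_vhosts_access.log:
# vhost:port client ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+):\d+ (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def offenders(lines, prefix="/administrator", maxretry=3, findtime=60):
    """Return IPs with >= maxretry requests under prefix within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of its recent matching hits
    flagged = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue              # unparsable line or unrelated URL
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # forget hits older than the window
            hits.popleft()
        if len(hits) >= maxretry:
            flagged.add(m["ip"])
    return flagged

def _line(ip, sec, path):
    # Helper that builds one constructed log line (hypothetical vhost name).
    return (f'client.example:80 {ip} - - [10/Oct/2016:13:55:{sec:02d} +0000] '
            f'"POST {path} HTTP/1.1" 200 4521 "-" "Mozilla/5.0"')

# Constructed sample: one noisy source, five sources with one hit each,
# and one ordinary visitor to the site's front page.
SAMPLE = (
    [_line("192.0.2.10", s, "/administrator/index.php") for s in (1, 2, 3, 4)]
    + [_line(f"198.51.100.{i}", 10 + i, "/administrator/index.php")
       for i in range(1, 6)]
    + [_line("203.0.113.7", 30, "/index.php")]
)

if __name__ == "__main__":
    print("maxretry=3:", sorted(offenders(SAMPLE)))
    print("maxretry=1:", sorted(offenders(SAMPLE, maxretry=1)))
```

With the default threshold only the single noisy address is flagged; the five sources that each send one request are caught only when `maxretry` is lowered to 1, which also flags any legitimate administrator login from a new address.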