fail2ban

How to defend against attacks resulting in large volumes of 404 or other 4xx HTTP error codes with Fail2Ban

botond published 2023/03/14, k - 00:38 time
Our websites are constantly under attack from the outside world. The vast majority of these are done by robots, which try to discover the weak points of the websites running on the server. Some of the robots with this purpose try to do this by making various seemingly random HTTP requests to our websites, most of which are directed to non-existent URL addresses. As a result, our server responds with a 404 HTTP response code. In this description, we will look at how to ban the large number of attempts resulting in 404 and other 4xx HTTP response codes using Fail2Ban.

How to protect our server from attacks on our databases with "Access denied for user root@ip address (using password: YES / NO)" using Fail2Ban

botond published 2022/06/05, v - 01:45 time
When we run websites, our server and the websites and services that run on it are often vulnerable to external attacks, and our MySQL / MariaDB database server is no exception. If the Fail2Ban protection software is also available on your server, this short description will show you how to make your server more secure against attacks on your "Access denied for user root @ ip address (using password: YES / NO)" database server.

fail2ban-testcases

Manual page and help for the fail2ban-testcases linux command. The fail2ban-testcases command is a tool for running Fail2Ban tests.

Perfect Server: Debian 10 (Buster) V1.0 (Page 3)

botond published March 2020, 01, Thu - 02:17 time
In this tutorial, we build the perfect Debian 10 (Buster) server version 1.0, which we build on the previous Debian 10 (Buster) LAMP server. This page installs the following components: RoundCube webmail client, ISPConfig control panel, and two other Fail2Ban filters.

Perfect Server: Debian 10 (Buster) V1.0 (Page 2)

botond published March 2020, 01, Thu - 02:17 time
In this tutorial, we build the perfect Debian 10 (Buster) server version 1.0, which we build on the previous Debian 10 (Buster) LAMP server. This page installs the following components: FTP server, Quota, BIND DNS server, web statistics, Jailkit, Fail2Ban and UFW firewall.

How to keep unwanted robots away from our server websites

botond published Jan. 2019, 11, 27:17 p.m. time
As we run more and more websites on our server, the additional traffic also increases, leading to additional workload. This excess load is largely caused by the traffic generated by the robots. In this description, we will look at two ways to keep these useless robots away from our websites.

fail2ban-regex (linux command)

The manual page and help for the fail2ban-regex linux command. As an add-on to Fail2Ban, the command checks the regular expressions of the filters and tests the specified filter in the specified log file.

fail2ban-client (linux command)

The manual page and help page for fail2ban-client (linux command). Use this command to control the operation of the Fail2Ban program, including starting and stopping jails (filters).

Enhance SSH protection with additional Fail2Ban filter patterns on Debian 8 (Jessie)

botond published March 2019, 05, Thu - 09:23 time
On your Debian 8 (Jesssie) -based server, even if you use Fail2Ban, you may see log entries that are not recognized by Fail0.8.13Ban filters on your system, version 2, so your system is less protected against attacks that cause these entries. In this description, we will solve the attempt to block attempts with random usernames on our SSH server using another filter pattern in Fail2Ban.