Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [http-get-dos]
- enabled = true
- port = http,https
- filter = http-get-dos
- logpath = /var/log/httpd/access_log
- maxretry = 10
- findtime = 120
- bantime = -1
- action = iptables[name=HTTP, port=http, protocol=tcp]
- [Definition]
- failregex = ^<HOST> -.*"(GET|POST).*
- ignoreregex =
- Running tests
- =============
- Use failregex filter file : http-get-dos, basedir: /etc/fail2ban
- Use log file : /var/log/httpd/access_log
- Use encoding : UTF-8
- Results
- =======
- Failregex: 3586 total
- |- #) [# of hits] regular expression
- | 1) [3586] ^<HOST> -.*"(GET|POST).*
- `-
- Ignoreregex: 0 total
- Date template hits:
- |- [# of hits] date format
- | [3601] Day(?P<_sep>[-/])MON(?P=_sep)Year[ :]?24hour:Minute:Second(?:.Microseconds)?(?: Zone offset)?
- `-
- Lines: 3601 lines, 0 ignored, 3586 matched, 15 missed
- [processed in 0.38 sec]
- |- Missed line(s):
- | 77.72.83.87 - - [13/Jan/2019:11:01:23 +0000] "x03" 400 226 "-" "-"
- | 122.112.227.18 - - [13/Jan/2019:12:34:51 +0000] "PROPFIND / HTTP/1.1" 405 236 "-" "-"
- | 181.22.180.152 - - [14/Jan/2019:17:56:08 +0000] "-" 408 - "-" "-"
- | 89.248.172.90 - - [14/Jan/2019:22:40:15 +0000] "-" 408 - "-" "-"
- | 89.248.172.90 - - [14/Jan/2019:22:40:35 +0000] "-" 408 - "-" "-"
- | 103.105.59.124 - - [15/Jan/2019:00:44:14 +0000] "PROPFIND / HTTP/1.1" 405 236 "-" "-"
- | 118.89.138.232 - - [15/Jan/2019:05:12:34 +0000] "PROPFIND / HTTP/1.1" 405 236 "-" "-"
- | 66.240.205.34 - - [15/Jan/2019:23:48:20 +0000] "Gh0stxad" 400 226 "-" "-"
- | 129.204.78.36 - - [16/Jan/2019:05:57:50 +0000] "PROPFIND / HTTP/1.1" 405 236 "-" "-"
- | 104.128.144.131 - - [16/Jan/2019:19:06:23 +0000] "HEAD /redirect.php HTTP/1.0" 404 - "-" "www.probethenet.com scanner"
- | 59.36.132.222 - - [16/Jan/2019:20:42:28 +0000] "CONNECT www.baidu.com:443 HTTP/1.1" 301 229 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
- | 123.200.24.163 - - [17/Jan/2019:08:46:30 +0000] "PROPFIND / HTTP/1.1" 405 236 "-" "-"
- | 79.115.160.167 - - [17/Jan/2019:22:36:03 +0000] "-" 408 - "-" "-"
- | ::1 - - [17/Jan/2019:23:08:46 +0000] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) PHP/7.2.13 (internal dummy connection)"
- | 79.115.160.167 - - [17/Jan/2019:23:11:51 +0000] "-" 408 - "-" "-"
- 2019-01-18 00:23:40,655 fail2ban.filter [15412]: INFO Set findtime = 120
- 2019-01-18 00:23:40,667 fail2ban.jail [15412]: INFO Jail 'sshd' started
- 2019-01-18 00:23:40,668 fail2ban.filtersystemd [15412]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
- 2019-01-18 00:23:40,673 fail2ban.jail [15412]: INFO Jail 'http-get-dos' started
- 2019-01-18 00:23:40,773 fail2ban.actions [15412]: NOTICE [sshd] Ban 124.93.228.42
- 2019-01-18 00:25:22,970 fail2ban.filter [15412]: INFO [sshd] Found 129.204.34.155
- 2019-01-18 00:27:35,921 fail2ban.filter [15412]: INFO [sshd] Found 212.237.8.162
- 2019-01-18 00:27:49,936 fail2ban.filter [15412]: INFO [sshd] Found 142.93.190.223
- 2019-01-18 00:33:00,711 fail2ban.filter [15412]: INFO [sshd] Found 106.12.203.146
- 2019-01-18 00:33:23,489 fail2ban.filter [15412]: INFO [sshd] Found 69.194.44.230
- 2019-01-18 00:35:25,864 fail2ban.server [15412]: INFO Stopping all jails
- 2019-01-18 00:35:26,700 fail2ban.actions [15412]: NOTICE [sshd] Unban 124.93.228.42
- 2019-01-18 00:35:26,925 fail2ban.jail [15412]: INFO Jail 'sshd' stopped
- 2019-01-18 00:35:27,915 fail2ban.jail [15412]: INFO Jail 'http-get-dos' stopped
- 2019-01-18 00:35:27,919 fail2ban.server [15412]: INFO Exiting Fail2ban
- 2019-01-18 00:35:28,106 fail2ban.server [15592]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.7
- 2019-01-18 00:35:28,107 fail2ban.database [15592]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
- 2019-01-18 00:35:28,110 fail2ban.jail [15592]: INFO Creating new jail 'sshd'
- 2019-01-18 00:35:28,129 fail2ban.jail [15592]: INFO Jail 'sshd' uses systemd {}
- 2019-01-18 00:35:28,144 fail2ban.jail [15592]: INFO Initiated 'systemd' backend
- 2019-01-18 00:35:28,145 fail2ban.filter [15592]: INFO Set maxRetry = 5
- 2019-01-18 00:35:28,146 fail2ban.filter [15592]: INFO Set jail log file encoding to UTF-8
- 2019-01-18 00:35:28,146 fail2ban.actions [15592]: INFO Set banTime = -1
- 2019-01-18 00:35:28,146 fail2ban.filter [15592]: INFO Set findtime = 600
- 2019-01-18 00:35:28,146 fail2ban.filter [15592]: INFO Set maxlines = 10
- 2019-01-18 00:35:28,203 fail2ban.filtersystemd [15592]: INFO Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
- 2019-01-18 00:35:28,210 fail2ban.jail [15592]: INFO Creating new jail 'http-get-dos'
- 2019-01-18 00:35:28,210 fail2ban.jail [15592]: INFO Jail 'http-get-dos' uses systemd {}
- 2019-01-18 00:35:28,211 fail2ban.jail [15592]: INFO Initiated 'systemd' backend
- 2019-01-18 00:35:28,212 fail2ban.filter [15592]: INFO Set maxRetry = 10
- 2019-01-18 00:35:28,212 fail2ban.filter [15592]: INFO Set jail log file encoding to UTF-8
- 2019-01-18 00:35:28,213 fail2ban.actions [15592]: INFO Set banTime = -1
- 2019-01-18 00:35:28,213 fail2ban.filter [15592]: INFO Set findtime = 120
- 2019-01-18 00:35:28,222 fail2ban.filter [15592]: INFO [sshd] Found 212.237.8.162
- 2019-01-18 00:35:28,224 fail2ban.filter [15592]: INFO [sshd] Found 142.93.190.223
- 2019-01-18 00:35:28,229 fail2ban.filter [15592]: INFO [sshd] Found 106.12.203.146
- 2019-01-18 00:35:28,232 fail2ban.filter [15592]: INFO [sshd] Found 69.194.44.230
- 2019-01-18 00:35:28,238 fail2ban.jail [15592]: INFO Jail 'sshd' started
- 2019-01-18 00:35:28,239 fail2ban.filtersystemd [15592]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
- 2019-01-18 00:35:28,242 fail2ban.jail [15592]: INFO Jail 'http-get-dos' started
- 2019-01-18 00:35:28,355 fail2ban.actions [15592]: NOTICE [sshd] Ban 124.93.228.42
- Status
- |- Number of jail: 2
- `- Jail list: http-get-dos, sshd
- |- Filter
- | |- Currently failed: 0
- | |- Total failed: 0
- | `- Journal matches:
- `- Actions
- |- Currently banned: 0
- |- Total banned: 0
- `- Banned IP list:
Add Comment
Please, Sign In to add comment