1 |
jpp |
1.1 |
diff -Nur --no-dereference smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd |
2 |
|
|
--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd 2017-10-27 08:34:58.000000000 -0400 |
3 |
|
|
+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd 2021-12-08 21:13:45.765000000 -0500 |
4 |
|
|
@@ -61,7 +61,7 @@ |
5 |
|
|
[http-badbots] |
6 |
|
|
enabled = true |
7 |
|
|
filter = apache-badbots |
8 |
|
|
-logpath = /var/log/httpd/error_log |
9 |
|
|
+logpath = /var/log/httpd/access_log |
10 |
|
|
action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime] |
11 |
|
|
EOF |
12 |
|
|
|
13 |
|
|
diff -Nur --no-dereference smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-badbots.local smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-badbots.local |
14 |
|
|
--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/apache-badbots.local 1969-12-31 19:00:00.000000000 -0500 |
15 |
|
|
+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/apache-badbots.local 2021-12-08 21:11:23.401000000 -0500 |
16 |
|
|
@@ -0,0 +1,29 @@ |
17 |
|
|
+# Fail2Ban configuration file |
18 |
|
|
+# |
19 |
|
|
+# Regexp to catch known spambots and software alike. Please verify |
20 |
|
|
+# that it is your intent to block IPs which were driven by |
21 |
|
|
+# above mentioned bots. |
22 |
|
|
+ |
23 |
|
|
+ |
24 |
|
|
+[Definition] |
25 |
|
|
+ |
26 |
|
|
+badbotscustom = TrackBack/1\.02|sogou music spider |
27 |
|
|
+badbots = \b360Spider\b|\b404checker\b|\b404enemy\b|\b80legs\b|\bAbonti\b|\bAboundex\b|\bAboundexbot\b|\bAcunetix\b|\bADmantX\b|\bAfD-Verbotsverfahren\b|\bAhrefsBot\b|\bAIBOT\b|\bAiHitBot\b|\bAipbot\b|\bAlexibot\b|\bAlligator\b|\bAllSubmitter\b|\bAlphaBot\b|\bAnarchie\b|\bApexoo\b|\barchive\.org_bot\b|\barquivo\.pt\b|\barquivo-web-crawler\b|\bASPSeek\b|\bAsterias\b|\bAttach\b|\bautoemailspider\b|\bAwarioRssBot\b|\bAwarioSmartBot\b|\bBackDoorBot\b|\bBacklink-Ceck\b|\bbacklink-check\b|\bBacklinkCrawler\b|\bBackStreet\b|\bBackWeb\b|\bBadass\b|\bBandit\b|\bBarkrowler\b|\bBatchFTP\b|\bBattleztar Bazinga\b|\bBBBike\b|\bBDCbot\b|\bBDFetch\b|\bBetaBot\b|\bBigfoot\b|\bBitacle\b|\bBlackboard\b|\bBlack Hole\b|\bBlackWidow\b|\bBLEXBot\b|\bBlow\b|\bBlowFish\b|\bBoardreader\b|\bBolt\b|\bBotALot\b|\bBrandprotect\b|\bBrandwatch\b|\bBuddy\b|\bBuiltBotTough\b|\bBuiltWith\b|\bBullseye\b|\bBunnySlippers\b|\bBuzzSumo\b|\bCalculon\b|\bCATExplorador\b|\bCazoodleBot\b|\bCCBot\b|\bCegbfeieh\b|\bCheeseBot\b|\bCherryPicker\b|\bCheTeam\b|\bChinaClaw\b|\bChlooe\b|\bClaritybot\b|\bCliqzbot\b|\bCloud mapping\b|\bcoccocbot-web\b|\bCogentbot\b|\bcognitiveseo\b|\bCollector\b|\bcom\.plumanalytics\b|\bCopier\b|\bCopyRightCheck\b|\bCopyscape\b|\bCosmos\b|\bCraftbot\b|\bcrawler4j\b|\bcrawler\.feedback\b|\bcrawl\.sogou\.com\b|\bCrazyWebCrawler\b|\bCrescent\b|\bCrunchBot\b|\bCSHttp\b|\bCurious\b|\bCusto\b|\bDatabaseDriverMysqli\b|\bDataCha0s\b|\bDBLBot\b|\bdemandbase-bot\b|\bDemon\b|\bDeusu\b|\bDevil\b|\bDigincore\b|\bDigitalPebble\b|\bDIIbot\b|\bDirbuster\b|\bDisco\b|\bDiscobot\b|\bDiscoverybot\b|\bDispatch\b|\bDittoSpyder\b|\bDnyzBot\b|\bDomainAppender\b|\bDomainCrawler\b|\bDomainSigmaCrawler\b|\bDomainStatsBot\b|\bDotbot\b|\bDownload Wonder\b|\bDragonfly\b|\bDrip\b|\bDSearch\b|\bDTS Agent\b|\bEasyDL\b|\bEbingbong\b|\beCatch\b|\bECCP/1\.0\b|\bEcxi\b|\bEirGrabber\b|\bEMail Siphon\b|\bEMail Wolf\b|\bEroCrawler\b|\bevc-batch\b|\bEvil\b|\bExabot\b|\bExpress WebPictures\b|\bExtLinksBot\b|\bExtractor\b|\bExtractorPro\b|\bExtreme Picture Finder\b|\bEyeNetIE\b|\bEzooms\b|\bfacebookscraper\b|\bFDM\b|\bFemtosearchBot\b|\bFHscan\b|\bFimap\b|\bFirefox/7\.0\b|\bFlashGet\b|\bFlunky\b|\bFoobot\b|\bFreeuploader\b|\bFrontPage\b|\bFyberSpider\b|\bFyrebot\b|\bGalaxyBot\b|\bGenieo\b|\bGermCrawler\b|\bGetintent\b|\bGetRight\b|\bGetWeb\b|\bGigablast\b|\bGigabot\b|\bG-i-g-a-b-o-t\b|\bGo-Ahead-Got-It\b|\bGotit\b|\bGoZilla\b|\bGo\!Zilla\b|\bGrabber\b|\bGrabNet\b|\bGrafula\b|\bGrapeFX\b|\bGrapeshotCrawler\b|\bGridBot\b|\bGT\:\:WWW\b|\bHaansoft\b|\bHaosouSpider\b|\bHarvest\b|\bHavij\b|\bHEADMasterSEO\b|\bheritrix\b|\bHeritrix\b|\bHloader\b|\bHMView\b|\bHTMLparser\b|\bHTTP\:\:Lite\b|\bHTTrack\b|\bHumanlinks\b|\bHybridBot\b|\bIblog\b|\bIDBot\b|\bId-search\b|\bIlseBot\b|\bImage Fetch\b|\bImage Sucker\b|\bIndeedBot\b|\bIndy Library\b|\bInfoNaviRobot\b|\bInfoTekies\b|\binstabid\b|\bIntelliseek\b|\bInterGET\b|\bInternet Ninja\b|\bInternetSeer\b|\binternetVista monitor\b|\bips-agent\b|\bIria\b|\bIRLbot\b|\bIskanie\b|\bIstellaBot\b|\bJamesBOT\b|\bJbrofuzz\b|\bJennyBot\b|\bJetCar\b|\bJetty\b|\bJikeSpider\b|\bJOC Web Spider\b|\bJoomla\b|\bJorgee\b|\bJustView\b|\bJyxobot\b|\bKenjin Spider\b|\bKeyword Density\b|\bKozmosbot\b|\bLanshanbot\b|\bLarbin\b|\bLeechFTP\b|\bLeechGet\b|\bLexiBot\b|\bLftp\b|\bLibWeb\b|\bLibwhisker\b|\bLightspeedsystems\b|\bLikse\b|\bLinkdexbot\b|\bLinkextractorPro\b|\bLinkpadBot\b|\bLinkScan\b|\bLinksManager\b|\bLinkWalker\b|\bLinqiaMetadataDownloaderBot\b|\bLinqiaRSSBot\b|\bLinqiaScrapeBot\b|\bLipperhey\b|\bLipperhey Spider\b|\bLitemage_walker\b|\bLmspider\b|\bLNSpiderguy\b|\bLtx71\b|\blwp-request\b|\bLWP\:\:Simple\b|\blwp-trivial\b|\bMagnet\b|\bMag-Net\b|\bmagpie-crawler\b|\bMail\.RU_Bot\b|\bMajestic12\b|\bMajestic-SEO\b|\bMajestic SEO\b|\bMarkMonitor\b|\bMarkWatch\b|\bMasscan\b|\bMass Downloader\b|\bMata Hari\b|\bMauiBot\b|\bmeanpathbot\b|\bMeanpathbot\b|\bMeanPath Bot\b|\bMediatoolkitbot\b|\bmediawords\b|\bMegaIndex\.ru\b|\bMetauri\b|\bMFC_Tear_Sample\b|\bMicrosoft Data Access\b|\bMicrosoft URL Control\b|\bMIDown tool\b|\bMIIxpc\b|\bMister PiX\b|\bMJ12bot\b|\bMojeek\b|\bMojolicious\b|\bMorfeus Fucking Scanner\b|\bMr\.4x3\b|\bMSFrontPage\b|\bMSIECrawler\b|\bMsrabot\b|\bmuhstik-scan\b|\bMusobot\b|\bName Intelligence\b|\bNameprotect\b|\bNavroad\b|\bNearSite\b|\bNeedle\b|\bNessus\b|\bNetAnts\b|\bNetcraft\b|\bnetEstate NE Crawler\b|\bNetLyzer\b|\bNetMechanic\b|\bNetSpider\b|\bNettrack\b|\bNet Vampire\b|\bNetvibes\b|\bNetZIP\b|\bNextGenSearchBot\b|\bNibbler\b|\bNICErsPRO\b|\bNiki-bot\b|\bNikto\b|\bNimbleCrawler\b|\bNimbostratus\b|\bNinja\b|\bNmap\b|\bNPbot\b|\bNutch\b|\boBot\b|\bOctopus\b|\bOffline Explorer\b|\bOffline Navigator\b|\bOnCrawl\b|\bOpenfind\b|\bOpenLinkProfiler\b|\bOpenvas\b|\bOpenVAS\b|\bOrangeBot\b|\bOrangeSpider\b|\bOutclicksBot\b|\bOutfoxBot\b|\bPageAnalyzer\b|\bPage Analyzer\b|\bPageGrabber\b|\bpage scorer\b|\bPageScorer\b|\bPandalytics\b|\bPanscient\b|\bPapa Foto\b|\bPavuk\b|\bpcBrowser\b|\bPECL\:\:HTTP\b|\bPeoplePal\b|\bPHPCrawl\b|\bPicscout\b|\bPicsearch\b|\bPictureFinder\b|\bPimonster\b|\bPi-Monster\b|\bPixray\b|\bPleaseCrawl\b|\bplumanalytics\b|\bPockey\b|\bPOE-Component-Client-HTTP\b|\bProbethenet\b|\bProPowerBot\b|\bProWebWalker\b|\bPsbot\b|\bPump\b|\bPxBroker\b|\bPyCurl\b|\bQueryN Metasearch\b|\bQuick-Crawler\b|\bRankActive\b|\bRankActiveLinkBot\b|\bRankFlex\b|\bRankingBot\b|\bRankingBot2\b|\bRankivabot\b|\bRankurBot\b|\bRealDownload\b|\bReaper\b|\bRebelMouse\b|\bRecorder\b|\bRedesScrapy\b|\bReGet\b|\bRepoMonkey\b|\bRipper\b|\bRocketCrawler\b|\bRogerbot\b|\bRSSingBot\b|\bs1z\.ru\b|\bSalesIntelligent\b|\bSBIder\b|\bScanAlert\b|\bScanbot\b|\bscan\.lol\b|\bScoutJet\b|\bScrapy\b|\bScreaming\b|\bScreenerBot\b|\bSearchestate\b|\bSearchmetricsBot\b|\bSemrush\b|\bSemrushBot\b|\bSEOkicks\b|\bSEOkicks-Robot\b|\bSEOlyticsCrawler\b|\bSeomoz\b|\bSEOprofiler\b|\bseoscanners\b|\bSeoSiteCheckup\b|\bSEOstats\b|\bserpstatbot\b|\bsexsearcher\b|\bShodan\b|\bSiphon\b|\bSISTRIX\b|\bSitebeam\b|\bSiteExplorer\b|\bSiteimprove\b|\bSiteLockSpider\b|\bSiteSnagger\b|\bSiteSucker\b|\bSite Sucker\b|\bSitevigil\b|\bSlySearch\b|\bSmartDownload\b|\bSMTBot\b|\bSnake\b|\bSnapbot\b|\bSnoopy\b|\bSocialRankIOBot\b|\bSociscraper\b|\bsogouspider\b|\bSogou web spider\b|\bSosospider\b|\bSottopop\b|\bSpaceBison\b|\bSpammen\b|\bSpankBot\b|\bSpanner\b|\bsp_auditbot\b|\bSpbot\b|\bSpinn3r\b|\bSputnikBot\b|\bspyfu\b|\bSqlmap\b|\bSqlworm\b|\bSqworm\b|\bSteeler\b|\bStripper\b|\bSucker\b|\bSucuri\b|\bSuperBot\b|\bSuperHTTP\b|\bSurfbot\b|\bSurveyBot\b|\bSuzuran\b|\bSwiftbot\b|\bsysscan\b|\bSzukacz\b|\bT0PHackTeam\b|\bT8Abot\b|\btAkeOut\b|\bTeleport\b|\bTeleportPro\b|\bTelesoft\b|\bTelesphoreo\b|\bTelesphorep\b|\bThe Intraformant\b|\bTheNomad\b|\bThumbor\b|\bTightTwatBot\b|\bTitan\b|\bToata\b|\bToweyabot\b|\bTracemyfile\b|\bTrendiction\b|\bTrendictionbot\b|\btrendiction\.com\b|\btrendiction\.de\b|\bTrue_Robot\b|\bTuringos\b|\bTurnitin\b|\bTurnitinBot\b|\bTwengaBot\b|\bTwice\b|\bTyphoeus\b|\bUnisterBot\b|\bUpflow\b|\bURLy\.Warning\b|\bURLy Warning\b|\bVacuum\b|\bVagabondo\b|\bVB Project\b|\bVCI\b|\bVeriCiteCrawler\b|\bVidibleScraper\b|\bVirusdie\b|\bVoidEYE\b|\bVoil\b|\bVoltron\b|\bWallpapers/3\.0\b|\bWallpapersHD\b|\bWASALive-Bot\b|\bWBSearchBot\b|\bWebalta\b|\bWebAuto\b|\bWeb Auto\b|\bWebBandit\b|\bWebCollage\b|\bWeb Collage\b|\bWebCopier\b|\bWEBDAV\b|\bWebEnhancer\b|\bWeb Enhancer\b|\bWebFetch\b|\bWeb Fetch\b|\bWebFuck\b|\bWeb Fuck\b|\bWebGo IS\b|\bWebImageCollector\b|\bWebLeacher\b|\bWebmasterWorldForumBot\b|\bwebmeup-crawler\b|\bWebPix\b|\bWeb Pix\b|\bWebReaper\b|\bWebSauger\b|\bWeb Sauger\b|\bWebshag\b|\bWebsiteExtractor\b|\bWebsiteQuester\b|\bWebsite Quester\b|\bWebster\b|\bWebStripper\b|\bWebSucker\b|\bWeb Sucker\b|\bWebWhacker\b|\bWebZIP\b|\bWeSEE\b|\bWhack\b|\bWhacker\b|\bWhatweb\b|\bWho\.is Bot\b|\bWidow\b|\bWinHTTrack\b|\bWiseGuys Robot\b|\bWISENutbot\b|\bWonderbot\b|\bWoobot\b|\bWotbox\b|\bWprecon\b|\bWPScan\b|\bWWW-Collector-E\b|\bWWW-Mechanize\b|\bWWW\:\:Mechanize\b|\bWWWOFFLE\b|\bx09Mozilla\b|\bx22Mozilla\b|\bXaldon_WebSpider\b|\bXaldon WebSpider\b|\bXenu\b|\bxpymep1\.exe\b|\bYoudaoBot\b|\bZade\b|\bZauba\b|\bzauba\.io\b|\bZermelo\b|\bZeus\b|\bzgrab\b|\bZitebot\b|\bZmEu\b|\bZumBot\b|\bZyBorg\b|\bapplebot\b|\barchive\.org_bot\b|\bBaidu\b|\bBaiduspider\b|\bCFNetwork\b|\bFirefox/21\.0\b|\bia_archiver\b|\bMozilla/4\.76\b|\bMSIE 5\.\b|\bMSIE 6\.0\b|\bQwantify\b|\bSafeDNSBot\b|\bUptimebot\b|\bYahoo\! Slurp\b|\bYandex\b|\bpython-requests\b |
28 |
|
|
+ |
29 |
|
|
+ |
30 |
|
|
+#failregex = ^<HOST> .*(?:%(badbots)s|%(badbotscustom)s).*$ |
31 |
|
|
+failregex = (?i)<HOST> -.*"(GET|POST|HEAD|OPTIONS|CONNECT).*HTTP.*(?:%(badbotscustom)s|%(badbots)s).*"$ |
32 |
|
|
+ |
33 |
|
|
+ignoreregex = |
34 |
|
|
+ |
35 |
|
|
+#datepattern = ^[^\[]*\[({DATE}) |
36 |
|
|
+# {^LN-BEG} |
37 |
|
|
+ |
38 |
|
|
+# DEV Notes: |
39 |
|
|
+# List of bad bots fetched from |
40 |
|
|
+# wget -q -O- "https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents.list" | uniq | sed -e 's/\\ / /g' | sed -e 's/\([.\:|()+!]\)/\\\1/g' | sed 's/.*/\\b&\\b/' | tr '\n' '|' > badbots.txt |
41 |
|
|
+# wget -q -O- "https://raw.githubusercontent.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/master/_generator_lists/bad-user-agents-fail2ban-additional.list" | uniq | sed -e 's/\\ / /g' | sed -e 's/\([.\:|()+!]\)/\\\1/g' | sed 's/.*/\\b&\\b/' | tr '\n' '|' | sed -e 's/|$//g' >> badbots.txt |
42 |
|
|
+# bingbot has been removed from the list . |
43 |
|
|
+# Generated 2020/01/07 12:29 East time |
44 |
|
|
+# Author: Yaroslav Halchenko, Alex Gurrola |
45 |
|
|
+ |