Tuesday, May 19, 2026
support@conference.yunohost.org

[04:15:00] <FbIN> How can I block IPs (bots/crawlers)? I am getting DDoSed like anything. 1.45 TB already in 3 days.
[04:15:04] <FbIN> *4 days
[05:33:27] <FbIN> Can someone ban angelkkkk? The user is spamming me privately with sexual content.
[05:56:02] <Moté> pti-jean: do you have the apticron application installed?
[05:56:28] <Moté> FbIN: you need to harden your fail2ban configuration
[05:57:26] <FbIN> > FbIN: you need to harden your fail2ban configuration

Any suggestion or guide which I can take help from to get this please? As you can imagine, 1.5TB is really a DDoS by these stupid bots.
[05:58:04] <Moté> I'll send my custom configuration
[05:58:48] <Moté> When I have access to my server
[06:23:54] <FbIN> Thanks. That is really appreciated. Moté 😇
[07:22:31] <Moté> FbIN: I put this inside /etc/fail2ban/jail.d/custom.conf
(As root, should not be readable by any other user)
[07:22:33] <Moté> [DEFAULT]
# Increase the default ban duration
bantime = 1h
# Small random offset to thwart "smart" bots
bantime.rndtime = 15m
# Time window in which failed attempts are searched for
findtime = 1h
# Maximum number of failed attempts
maxretry = 3
# Number of attempts saved in the ticket
maxmatches = 25
# My IP
ignoreip = 88.179.59.18,2a01:e0a:cce:c4b0:fe32:ec4e:421d:4f35

[recidive]
# Base ban duration
bantime = 1w
# Incrementing ban duration: 1 week, 2 weeks, 3 weeks…
bantime.increment = true
# Raise findtime to spot older bans
findtime = 90d
# Ban the IP as soon as it reoffends
maxretry = 2
# Look for bans across all jails, to avoid IPs that test the WordPress sites one by one
bantime.overalljails = true
[07:23:16] <FbIN> Thanks. I will check in sometime. 🙂
[07:24:16] <Moté> Comments are in French, sorry
This will drastically harden fail2ban. Beware that you can easily lock yourself out, so be sure to whitelist your IP and have another access to your server if needed.
[07:25:58] <Moté> ...and I left my IP when pasting, so now it's in the pastebin
If anyone knows how to delete that x)
Also, I have another configuration specifically for WordPress
[07:34:53] <plux> Moté: any way to do this kind of hardening with a non-static IP?
[07:35:44] <FbIN> > ...and I left my IP when pasting, so now it's in the pastebin
> If anyone knows how to delete that x)
> Also, I have another configuration specifically for WordPress
Only a mod here can delete comments.
[07:36:30] <FbIN> > Comments are in French, sorry
> This will drastically harden fail2ban. Beware that you can easily lock yourself out, so be sure to whitelist your IP and have another access to your server if needed.

Thanks. I will look into it.
[07:38:34] <Moté> plux: you'd have to see whether there's a way to update the IP by script, but I wouldn't know how to do that. You can still do it without whitelisting your IP, especially if you connect over SSH with a key and have a password manager for logging in to your services. But you need to plan for a secondary access just in case (for example, an online terminal provided by your hosting provider). Tethering through your phone lets you go through a 2nd IP, but if you also get the 2nd IP blocked you're stuck x)
[08:06:19] <FbIN> > Comments are in French, sorry
> This will drastically harden fail2ban. Beware that you can easily lock yourself out, so be sure to whitelist your IP and have another access to your server if needed.
Another qq, I am guessing I need to create some jails or some files containing the bot IPs?
[08:24:24] <Moté> No, it's using the already existing jails. It's changing the default options, meaning every jail that doesn't overwrite these parameters will get a little harder. And then it drastically hardens the recidive jail, which is an already existing jail used when an IP is retrying to access the server after its previous ban has expired.
[08:25:22] <Moté> It also activates monitoring over all jails, for when the same IP is trying over different apps (ssh, then postfix, then WordPress, for example, but that's quite rare)
[08:31:35] <FbIN> Awesome. Then I do not need to add an IP block list file.
[08:31:53] <FbIN> I do have 11K bots and crawlers being blocked.
[08:32:13] <FbIN> I mean on a different servers running a diff panel
[08:42:53] <Moté> I've also recently added crowdsec, which helps
[08:45:06] <Moté> I've never had that many bots, however. Your hosting provider doesn't have a DDoS protection?
[08:46:55] <plux> > plux: you'd have to see whether there's a way to update the IP by script, but I wouldn't know how to do that. You can still do it without whitelisting your IP, especially if you connect over SSH with a key and have a password manager for logging in to your services. But you need to plan for a secondary access just in case (for example, an online terminal provided by your hosting provider). Tethering through your phone lets you go through a 2nd IP, but if you also get the 2nd IP blocked you're stuck x)
OK Moté, thanks
[09:15:36] <FbIN> > I've never had that many bots, however. Your hosting provider doesn't have a DDoS protection?

They have, but I have root servers, which are dedicated kind of. So any DDoS beyond their firewall (which is really useless) is my lookout. 🥺
[10:53:52] <pti-jean> > pti-jean: do you have the apticron application installed?
No, I don't think so! In any case it doesn't ring a bell!
[10:54:17] <pti-jean> How can I tell?
[12:24:04] <Moté> pti-jean: in your list of installed applications, in the admin
I got an email like that not long ago, but I figured it was apticron that had done that to me
[12:27:12] <pti-jean> Because I don't see it here:
https://apps.yunohost.org/catalog
Otherwise, I don't have this app installed!
[13:13:38] <Moté> This one: https://apps.yunohost.org/app/unattended_upgrades
[13:36:48] <pti-jean> Yes, well, no... I haven't installed that app...
[14:42:37] <FbIN> I forgot the command to upgrade an app even though it is shown as broken
[14:43:54] <Moté> try yunohost app upgrade --help, I think it'll show the available parameters (unless it's update?)
[14:46:16] <FbIN> broken app I forgot how to upgrade.
[14:46:20] <FbIN> it does not show in help
[14:46:38] <FbIN> options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Git url to fetch for upgrade
  -f FILE, --file FILE  Folder or tarball for upgrade
  -F, --force           Force the update, even though the app is up to date
  -b, --no-safety-backup
                        Disable the safety backup during upgrade
  -c, --continue-on-failure
                        Continue to upgrade apps even if one or more upgrade failed
  -i, --ignore-yunohost-version
                        Attempt to upgrade the app even if your YunoHost version is below the required one
[14:50:04] <FbIN> > try yunohost app upgrade --help, I think it'll show the available parameters (unless it's update?)

I tried, and I remember someone once here told how to, but the chat history does not stay for that long..
[15:07:39] <Moté> Doesn't work with --force?
[15:19:34] <FbIN> > Doesn't work with --force?

Nope
[15:19:36] <FbIN> I tried