Gene Heskett wrote:
> It, iptables, did not get restarted on the fresh boot, so obviously the
> systemd manager hasn't been informed to start iptables, reloading
> from /etc/iptables/saved-rules.
You would not be having these problems were you using Shorewall...
--
John Hasler
jhas...@newsguy
On Sun, 01 Dec 19, 22:28:43, Gene Heskett wrote:
>
> It, iptables, did not get restarted on the fresh boot, so obviously the
> systemd manager hasn't been informed to start iptables, reloading
> from /etc/iptables/saved-rules.
To my knowledge Debian doesn't include anything like this by defau
On Tuesday 12 November 2019 21:35:49 Gene Heskett wrote:
> On Tuesday 12 November 2019 19:53:15 John Hasler wrote:
> > I wrote:
> > > Install Shorewall.
> >
> > Gene writes:
> > > Did, spent half an hour reading its man page, but I don't see a
> > > command that will extract and save an existing i
On Tuesday 12 November 2019 20:03:12 ghe wrote:
> On 11/12/19 5:46 PM, Gene Heskett wrote:
> > Oh goody and I get to name & pick the file and its location. Now,
> > where's a good place to put the restore in the reboot path?
>
> How about /etc? Or /etc/init.d? That's where mine is...
I've already
On Tuesday 12 November 2019 19:53:15 John Hasler wrote:
> I wrote:
> > Install Shorewall.
>
> Gene writes:
> > Did, spent half an hour reading its man page, but I don't see a
> > command that will extract and save an existing iptables setup, and a
> > later reapply of that saved data.
>
> I meant
On 11/12/19 5:46 PM, Gene Heskett wrote:
> Oh goody and I get to name & pick the file and its location. Now, where's
> a good place to put the restore in the reboot path?
How about /etc? Or /etc/init.d? That's where mine is...
--
Glenn English
I wrote:
> Install Shorewall.
Gene writes:
> Did, spent half an hour reading its man page, but I don't see a
> command that will extract and save an existing iptables setup, and a
> later reapply of that saved data.
I meant use it instead of using Iptables directly: the package takes
care of rest
On Tuesday 12 November 2019 16:04:07 to...@tuxteam.de wrote:
> On Tue, Nov 12, 2019 at 12:40:45PM -0500, Gene Heskett wrote:
>
> [...]
>
> > So I have to find all that in the history and re-invent
> > a 33 line filter DROP. I'll be back when I've stuck a hot tater in
> > semrush's exit port.
>
>
On Tuesday 12 November 2019 14:28:38 John Hasler wrote:
> Gene writes:
> > So I had been adding iptables rules but had to reboot this morning
> > to get a baseline cups start, only to find my iptables rules were
> > all gone and the bots are DDOSing me again.
>
> Install Shorewall.
Did, spent hal
On Tuesday 12 November 2019 13:30:24 ghe wrote:
> Gene wrote
>
> > So I had been adding iptables rules but had to reboot this
> > morning to get a baseline cups start, only to find my iptables rules
> > were all gone and the bots are DDOSing me again. Grrr
>
> 0) Can you block them with an ACL
On Tue, Nov 12, 2019 at 12:40:45PM -0500, Gene Heskett wrote:
[...]
> So I have to find all that in the history and re-invent
> a 33 line filter DROP. I'll be back when I've stuck a hot tater in
> semrush's exit port.
See iptables-save (will dump the currently active iptables to a file)
and ip
Gene writes:
> So I had been adding iptables rules but had to reboot this morning to
> get a baseline cups start, only to find my iptables rules were all
> gone and the bots are DDOSing me again.
Install Shorewall.
--
John Hasler
jhas...@newsguy.com
Elmwood, WI USA
Gene wrote
> So I had been adding iptables rules but had to reboot this
> morning to get a baseline cups start, only to find my iptables rules
> were all gone and the bots are DDOSing me again. Grrr
0) Can you block them with an ACL in your router/firewall? And wr mem so
the ACL will be the
On Tuesday 12 November 2019 11:01:08 Lee wrote:
> On 11/11/19, Gene Heskett wrote:
> > On Monday 11 November 2019 08:33:13 Greg Wooledge wrote:
>
> ... snip ...
>
> >> I *know* I told you to look at your log files, and to turn on
> >> user-agent logging if necessary.
> >>
> >> I don't remember
On 11/11/19, Gene Heskett wrote:
> On Monday 11 November 2019 08:33:13 Greg Wooledge wrote:
... snip ...
>> I *know* I told you to look at your log files, and to turn on
>> user-agent logging if necessary.
>>
>> I don't remember seeing you ever *post* your log files here, not even
>> a single li
On 11/11/19, Greg Wooledge wrote:
> On Mon, Nov 11, 2019 at 12:18:17PM -0500, Gene Heskett wrote:
>>
>> HTTP/1.1" 200 554724 "-" "Mozilla/5.0 (compatible; Daum/4.1;
>> +http://cs.daum.net/faq/15/4118.html?faqId=28966)"
>> coyote.coyote.den:80 203.133.169.54 - -
>> [11/Nov/2019:12:11:29 -0500] "GET
Sorry Gene. Hit reply instead of reply list.
On 11/11/19 12:18 PM, Gene Heskett wrote:
On Monday 11 November 2019 08:33:13 Greg Wooledge wrote:
I have a list of ipv4's I want fail2ban to block.
Not sure that fail2ban is the best tool for the job. Where you
already have a list of IPs that you
On Monday 11 November 2019 12:38:09 Greg Wooledge wrote:
> On Mon, Nov 11, 2019 at 12:18:17PM -0500, Gene Heskett wrote:
> > Only one log file seems to have useful data, the "other..." file,
> > and I have posted several single lines here, but here's a few more:
> >
> > coyote.coyote.den:80 40.94
On Mon, Nov 11, 2019 at 12:18:17PM -0500, Gene Heskett wrote:
> Only one log file seems to have useful data, the "other..." file, and I
> have posted several single lines here, but here's a few more:
>
> coyote.coyote.den:80 40.94.105.9 - -
> [11/Nov/2019:12:08:53 -0500] "GET /gene/ HTTP/1.1" 2
On Monday 11 November 2019 08:33:13 Greg Wooledge wrote:
> > > > I have a list of ipv4's I want fail2ban to block.
> > >
> > > Not sure that fail2ban is the best tool for the job. Where you
> > > already have a list of IPs that you want to block why not just
> > > directly create the iptables rule
On Mon, Nov 11, 2019 at 02:52:36PM +0100, to...@tuxteam.de wrote:
> On Mon, Nov 11, 2019 at 08:33:13AM -0500, Greg Wooledge wrote:
> > > > > I have a list of ipv4's I want fail2ban to block.
>
> [...]
>
> > I don't remember seeing you ever *post* your log files here, not even
> > a single line fr
On Mon, Nov 11, 2019 at 08:33:13AM -0500, Greg Wooledge wrote:
> > > > I have a list of ipv4's I want fail2ban to block.
[...]
> I don't remember seeing you ever *post* your log files here, not even
> a single line from a single instance of this bot. Maybe I missed it.
We had one sample in this
> > > I have a list of ipv4's I want fail2ban to block.
> >
> > Not sure that fail2ban is the best tool for the job. Where you already
> > have a list of IPs that you want to block why not just directly create
> > the iptables rules?
>
> just did that, got most of them but semrush apparently has f
On Sun, Nov 10, 2019 at 06:07:37PM -0500, Gene Heskett wrote:
> On Sunday 10 November 2019 16:07:22 to...@tuxteam.de wrote:
>
> > On Sun, Nov 10, 2019 at 10:55:03AM -0500, Gene Heskett wrote:
> > > On Sunday 10 November 2019 08:02:46 Michael wrote:
> > >
> > > Which contains such gems as this:
> >
On Monday, November 11, 2019 12:07:37 AM CET, Gene Heskett wrote:
On Sunday 10 November 2019 16:07:22 to...@tuxteam.de wrote:
On Sun, Nov 10, 2019 at 10:55:03AM -0500, Gene Heskett wrote: ...
I don't see an obvious field delimiter in this. Tomas. Is it definable?
like thomas told you earlier
On Sun, 2019-11-10 at 19:37 +, Brian wrote:
> On Sun 10 Nov 2019 at 10:26:17 -0800, Kushal Kumaran wrote:
> [...]
> > One thing you could try is to examine the iptables rule counters
> > daily/weekly. If the counters do not increase during some
> > interval,
> > then the rule is no longer usef
On Sunday 10 November 2019 18:07:37 Gene Heskett wrote:
> On Sunday 10 November 2019 16:07:22 to...@tuxteam.de wrote:
> > On Sun, Nov 10, 2019 at 10:55:03AM -0500, Gene Heskett wrote:
> > > On Sunday 10 November 2019 08:02:46 Michael wrote:
> > >
> > > Which contains such gems as this:
> > > coyot
On Sunday 10 November 2019 16:07:22 to...@tuxteam.de wrote:
> On Sun, Nov 10, 2019 at 10:55:03AM -0500, Gene Heskett wrote:
> > On Sunday 10 November 2019 08:02:46 Michael wrote:
> >
> > Which contains such gems as this:
> > coyote.coyote.den:80 40.77.167.79 - -
> > [10/Nov/2019:10:44:45 -0500] "G
On Sunday 10 November 2019 14:37:58 Brian wrote:
> On Sun 10 Nov 2019 at 10:26:17 -0800, Kushal Kumaran wrote:
> > Brian writes:
> > > On Sun 10 Nov 2019 at 11:01:07 +0100, Michael wrote:
> > >> On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote:
> > >> > I was able, with the help o
On Sun, Nov 10, 2019 at 10:55:03AM -0500, Gene Heskett wrote:
> On Sunday 10 November 2019 08:02:46 Michael wrote:
> Which contains such gems as this:
> coyote.coyote.den:80 40.77.167.79 - -
> [10/Nov/2019:10:44:45 -0500] "GET /gene/fence/18.html HTTP/1.1" 200
> 1121 "-" "Mozilla/5.0 (iPhone; CP
On Sun 10 Nov 2019 at 10:26:17 -0800, Kushal Kumaran wrote:
> Brian writes:
>
> > On Sun 10 Nov 2019 at 11:01:07 +0100, Michael wrote:
> >
> >> On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote:
> >>
> >> > I was able, with the help of another responder to carve up some iptables
On 11/10/19 8:55 AM, Gene Heskett wrote:
> That's an approximate idea of my understanding how it works, but to
> gradually transit from manual reading of the logs and applying iptable
> rules to block the miscreants, the first step would seem to indicate
> training fail2ban to read the same log
Brian writes:
> On Sun 10 Nov 2019 at 11:01:07 +0100, Michael wrote:
>
>> On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote:
>>
>> > I was able, with the help of another responder to carve up some iptables
>> > rules to stop the DDOS that semrush, yandex, bingbot, and 2 or 3 other
On Sunday 10 November 2019 08:02:46 Michael wrote:
> On Sunday, November 10, 2019 1:39:24 PM CET, to...@tuxteam.de wrote:
> > On Sun, Nov 10, 2019 at 07:04:12AM -0500, Gene Heskett wrote:
> >> On Sunday 10 November 2019 06:19:51 to...@tuxteam.de wrote:
> >>> On Sun, Nov 10, 2019 at 06:08:52AM -050
On Sunday, November 10, 2019 1:39:24 PM CET, to...@tuxteam.de wrote:
On Sun, Nov 10, 2019 at 07:04:12AM -0500, Gene Heskett wrote:
On Sunday 10 November 2019 06:19:51 to...@tuxteam.de wrote:
On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote:
But... you can just configure your Apac
On Sun 10 Nov 2019 at 11:01:07 +0100, Michael wrote:
> On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote:
>
> > I was able, with the help of another responder to carve up some iptables
> > rules to stop the DDOS that semrush, yandex, bingbot, and 2 or 3 others
> > were bound to do
On Sun, Nov 10, 2019 at 07:04:12AM -0500, Gene Heskett wrote:
> On Sunday 10 November 2019 06:19:51 to...@tuxteam.de wrote:
>
> > On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote:
[...]
> > - assess client behaviour
[...]
> Humm. That would take a user-agent trigger [...]
Bingo.
On Sunday 10 November 2019 06:19:51 to...@tuxteam.de wrote:
> On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote:
>
> [...]
>
> > But, I'm getting the impression that it has to fail before fail2ban
> > kicks in [...]
>
> No. It has to "succeed" once before fail2ban can do its job. It is:
On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote:
[...]
> But, I'm getting the impression that it has to fail before fail2ban kicks
> in [...]
No. It has to "succeed" once before fail2ban can do its job. It is:
- assess client behaviour
- http server writes a log entry (or a set
On Sunday 10 November 2019 05:01:07 Michael wrote:
> On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote:
> > What's this "jail"? The beginners tut seems to assume we've all had
> > cs101 thru cs401 and Just Know all the secret handshakes bs already.
>
> no idea what you're talking abo
On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote:
What's this "jail"? The beginners tut seems to assume we've all had cs101
thru cs401 and Just Know all the secret handshakes bs already.
no idea what you're talking about... i almost never read any tutorial, just
man pages. that'
On Saturday 09 November 2019 15:07:51 mick crane wrote:
> On 2019-11-09 18:01, Gene Heskett wrote:
> > On Saturday 09 November 2019 08:59:14 Michael wrote:
> >> > Rather than to use fail2ban for this, I would create an ipset
> >> > that fail2ban can populate then use that ipset in iptables.
> >>
>
On Sat 09 Nov 2019 at 20:07:51 +, mick crane wrote:
> I like Gene, he is trying to make something work.
The "something" is what is at issue.
> When all this stuff started there seemed to be some sort of logic to it and
> I can't say I understood much of it but the thing seems to be now that
On 2019-11-09 18:01, Gene Heskett wrote:
On Saturday 09 November 2019 08:59:14 Michael wrote:
> Rather than to use fail2ban for this, I would create an ipset that
> fail2ban can populate then use that ipset in iptables.
i agree, but:
> One advantage of this is that you can add/delete ip from t
Hello,
On Sat, Nov 09, 2019 at 01:34:11PM -0500, Gene Heskett wrote:
> On Saturday 09 November 2019 10:10:53 Andy Smith wrote:
> > You've repeatedly been advised to block these bots in Apache by
> > their UserAgent. Have you tried that yet? It would be a lot simpler
> > than fail2ban or trying to
On Saturday 09 November 2019 10:37:09 john doe wrote:
> On 11/9/2019 2:43 PM, Gene Heskett wrote:
> > On Saturday 09 November 2019 03:36:49 john doe wrote:
> >> On 11/9/2019 8:30 AM, Gene Heskett wrote:
> >>> I have a list of ipv4's I want fail2ban to block. But amongst the
> >>> numerous subdirs
On Saturday 09 November 2019 10:10:53 Andy Smith wrote:
> Hello,
>
> On Sat, Nov 09, 2019 at 08:43:25AM -0500, Gene Heskett wrote:
> > I've done that with the help of a previous responder and now have
> > 99% of the pigs that ignore my robots.txt blocked. semrush is
> > extremely determined and ha
On Saturday 09 November 2019 08:59:14 Michael wrote:
> > Rather than to use fail2ban for this, I would create an ipset that
> > fail2ban can populate then use that ipset in iptables.
>
> i agree, but:
> > One advantage of this is that you can add/delete ip from the ipset
> > without having to rest
On 2019-11-09, john doe wrote:
>
> Note that using IPs directly is a red herring; you need to use other
> means (UserAgent ...) to identify those bots.
Over at semrush they advise the following (with robots.txt in the top
directory of the server):
To stop SEMrushBot from crawling your site, ad
On 11/9/2019 2:43 PM, Gene Heskett wrote:
> On Saturday 09 November 2019 03:36:49 john doe wrote:
>
>> On 11/9/2019 8:30 AM, Gene Heskett wrote:
>>> I have a list of ipv4's I want fail2ban to block. But amongst the
>>> numerous subdirs for fail2ban, I cannot find one that looks suitable
>>> to put
Hello,
On Sat, Nov 09, 2019 at 08:43:25AM -0500, Gene Heskett wrote:
> I've done that with the help of a previous responder and now have 99% of
> the pigs that ignore my robots.txt blocked. semrush is extremely
> determined and has switched to a 4th address I've not seen before, but
> is no lon
Rather than to use fail2ban for this, I would create an ipset that
fail2ban can populate then use that ipset in iptables.
i agree, but:
One advantage of this is that you can add/delete ip from the ipset
without having to restart fail2ban/iptables.
RTFM
fail2ban allows you to 'unban' an ip a
On Saturday 09 November 2019 04:01:32 to...@tuxteam.de wrote:
> On Sat, Nov 09, 2019 at 03:36:49AM -0500, Gene Heskett wrote:
> > On Saturday 09 November 2019 02:49:16 mett wrote:
> > > On 2019年11月9日 16:30:57 JST, Gene Heskett wrote:
> > > >I have a list of ipv4's I want fail2ban to block. But a
On Saturday 09 November 2019 03:36:49 john doe wrote:
> On 11/9/2019 8:30 AM, Gene Heskett wrote:
> > I have a list of ipv4's I want fail2ban to block. But amongst the
> > numerous subdirs for fail2ban, I cannot find one that looks suitable
> > to put this list of addresses in so they are blocked f
On Sat, Nov 09, 2019 at 03:36:49AM -0500, Gene Heskett wrote:
> On Saturday 09 November 2019 02:49:16 mett wrote:
>
> > On 2019年11月9日 16:30:57 JST, Gene Heskett wrote:
> > >I have a list of ipv4's I want fail2ban to block. But amongst the
> > >numerous subdirs for fail2ban, I cannot find one that
On 11/9/2019 8:30 AM, Gene Heskett wrote:
> I have a list of ipv4's I want fail2ban to block. But amongst the
> numerous subdirs for fail2ban, I cannot find one that looks suitable to
> put this list of addresses in so they are blocked forever. Can someone
> more familiar with how fail2ban works gi
On Saturday 09 November 2019 02:55:45 darb wrote:
> * Gene Heskett wrote:
> > I have a list of ipv4's I want fail2ban to block. But amongst the
> > numerous subdirs for fail2ban, I cannot find one that looks suitable
> > to put this list of addresses in so they are blocked forever. Can
> > someone
On Saturday 09 November 2019 02:49:16 mett wrote:
> On 2019年11月9日 16:30:57 JST, Gene Heskett wrote:
> >I have a list of ipv4's I want fail2ban to block. But amongst the
> >numerous subdirs for fail2ban, I cannot find one that looks suitable
> > to
> >
> >put this list of addresses in so they are b
On 2019年11月9日 16:30:57 JST, Gene Heskett wrote:
>I have a list of ipv4's I want fail2ban to block. But amongst the
>numerous subdirs for fail2ban, I cannot find one that looks suitable to
>
>put this list of addresses in so they are blocked forever. Can someone
>more familiar with how fail2ban w
* Gene Heskett wrote:
> I have a list of ipv4's I want fail2ban to block. But amongst the
> numerous subdirs for fail2ban, I cannot find one that looks suitable to
> put this list of addresses in so they are blocked forever. Can someone
> more familiar with how fail2ban works give me a hand? Th
60 matches