Score:0

fail2ban: apache-badbots is not working

I have a working fail2ban configuration which not only blocks IPs but also announces them to the AbuseIPDB. This is working fine for sshd and postfix-sasl, but not for apache-badbots (and resulting from that, I would assume apache-overflow isn't working either). That's what I have:

In /etc/fail2ban/jail.d/defaults-debian.conf it is enabled in the same way as the other rules:

[apache-badbots]
enabled = true
# Ban IP and report to AbuseIPDB
action = %(action_)s
         %(action_abuseipdb)s[abuseipdb_apikey="<mykeyhere>", abuseipdb_category="19"]

In /etc/fail2ban/filter.d/apache-badbots.conf the unwanted bots are configured:

[Definition]

badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider|MJ12bot|DataForSeoBot|cyberscan.io|dataforseo|SemrushBot
badbots = <loads of predefined bots here>

failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*".*(?:%(badbots)s|%(badbotscustom)s).*"$

ignoreregex =

But none of these bots are ever detected/blocked/announced. This is true both for bots that have a referrer and for bots that can be identified via the client string only.

Any idea what could be wrong here?

Score:0

Have you checked your datepattern? I use:

datepattern = ^[^\[]*\[({DATE})
              {^LN-BEG}
              %%d/%%b/%%Y:%%H:%%M:%%S
              \[%%d/%%b[^/]*/%%Y:%%H:%%M:%%S %%z\]
              \[%%d/%%b/%%Y:%%H:%%M:%%S %%z\]

The datepattern was disabled in my configuration. However, when I try yours or the default datepattern, the result is still the same :-(
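
An added example, not part of the original posts: it expands the failregex from the question into a plain Python regex and runs it over constructed access-log lines, to show which line layouts the pattern accepts. The `<HOST>` stand-in, the `PlaceholderStockBot` name (the stock list is elided in the question) and all sample lines are assumptions; datepattern handling is not emulated.

```python
import re

# Rough stand-in for fail2ban's <HOST> tag (assumption: IPv4 or IPv6 literal only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]{3,39})"
# Custom list copied from the question. The stock list is elided there, so one
# constructed placeholder name stands in for it.
BADBOTSCUSTOM = (r"EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider"
                 r"|MJ12bot|DataForSeoBot|cyberscan.io|dataforseo|SemrushBot")
BADBOTS = "PlaceholderStockBot"
TEMPLATE = r'^<HOST> -.*"(GET|POST|HEAD).*HTTP.*".*(?:%(badbots)s|%(badbotscustom)s).*"$'


def build_failregex(badbots=BADBOTS, custom=BADBOTSCUSTOM):
    """Expand the %(...)s references and <HOST> into a plain Python regex."""
    expanded = TEMPLATE % {"badbots": badbots, "badbotscustom": custom}
    return re.compile(expanded.replace("<HOST>", HOST))


def banned_host(line, regex=build_failregex()):
    """Return the address the filter would ban for this line, or None."""
    match = regex.search(line)
    return match.group("host") if match else None


# Constructed log lines (documentation addresses, not taken from the page).
TS = "[10/Oct/2023:13:55:36 +0000]"
REQ = '"GET / HTTP/1.1" 200 512 "-"'
SAMPLES = {
    # Apache "combined" format: client address first, user agent last.
    "combined": f'203.0.113.7 - - {TS} {REQ} "Mozilla/5.0 (compatible; SemrushBot/7~bl)"',
    # "vhost_combined" format: vhost:port precedes the address, so ^<HOST> fails.
    "vhost_combined": f'www.example.org:443 203.0.113.7 - - {TS} {REQ} "MJ12bot/v1.4.8"',
    # Custom format with a field after the user agent: the trailing "$ fails.
    "trailing_field": f'203.0.113.7 - - {TS} {REQ} "MJ12bot/v1.4.8" 1234',
    # Bot name only in the referrer field: still matched by the .* before the list.
    "referrer": f'203.0.113.8 - - {TS} "GET / HTTP/1.1" 200 512 "http://semrush.example/SemrushBot" "Mozilla/5.0"',
    # Ordinary browser: no listed name anywhere.
    "browser": f'198.51.100.9 - - {TS} {REQ} "Mozilla/5.0 (X11; Linux x86_64)"',
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name:15} -> {banned_host(line)}")
```

On the server itself, `fail2ban-regex <access log> /etc/fail2ban/filter.d/apache-badbots.conf` runs the real filter, including its datepattern, against the real log file.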