Blackhole for Bad Bots -> Fail2Ban


Hello Jeff!

A long time ago I had thought about a “central list” from different Bad-Bot installations.

I use several PHP-based installations and long ago wrote myself an extension of your WP plugin so that a log file is also written to the file system (as with the PHP variant), but I no longer have the WEB and have no backup of the script…

Since I host a few dozen WordPress sites on my own server and have now familiarized myself with Fail2Ban a bit further, I am now getting started again.

The only thing I’m really inexperienced with is RegEx, and I’m not getting anywhere… So here is an off-topic question about it, and at the same time a renewed suggestion to you: could you possibly support something like this in the future?

The basic idea: BadBots writes log files, and these are evaluated by Fail2Ban and then take effect on the entire server – either immediately or, for example, when they occur on x webs.

And of course: the idea of keeping a central “blacklist” for all plugin users and offering it for import, as with other tools, would then be further simplified.

My action jail:

[wp-badbots]
enabled = true
filter = wp-badbots
action = logfile[name="wp-badbots"]
         sendmail[name="badbots", sendername="fail2ban badbots", dest="[email protected]"]
logpath = /var/www/vhosts/*/httpdocs/*/blackhole.dat
maxretry = 1

At the moment, blackhole.dat is the log from the PHP-based Blackhole. The log looks like this:

91.64.137.161 - GET - HTTP/1.1 - Sunday, May 3rd 2020 @ 12:35:54 - Mozilla/5.0 (Windows NT 6.3; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0
85.25.236.90 - GET - HTTP/1.1 - Sunday, May 3rd 2020 @ 18:50:37 - Mozilla/5.0 (X11; U; Linux Core i7-4980HQ; de; rv:32.0; compatible; JobboerseBot;  Gecko/20100101 Firefox/38.0
136.243.36.68 - GET - HTTP/1.1 - Monday, May 4th 2020 @ 01:13:36 - Mozilla/5.0 (compatible; vebidoobot/1.0; +https://blog.vebidoo.de/vebidoobot/)
23.252.241.34 - GET - HTTP/1.1 - Monday, May 4th 2020 @ 16:24:58 - Dispatch/0.11.3
34.234.54.252 - GET - HTTP/1.1 - Monday, May 4th 2020 @ 17:48:16 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36 (compatible; SMTBot/1.0; +http://www.similartech.com/smtbot)
161.35.66.233 - GET - HTTP/1.1 - Monday, May 4th 2020 @ 21:46:57 - Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.517 Safari/537.36

My jail filter, but it does not work 🙁

[Definition]
failregex = ^<HOST> .* GET
ignoreregex = 

As I said, this is somewhat off-topic, but if you are in the mood, I am very interested in the implementation and will gladly write to you by PM.

CU
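
An added example, not part of the original post or of the plugin: a small Python parser for the blackhole.dat line format shown above that also checks whether the posted failregex captures the client address. The `HOST` pattern is an assumed, IPv4-only stand-in for Fail2Ban's `<HOST>` tag, and the function names are hypothetical.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Constructed sample: three lines copied from the blackhole.dat excerpt above.
SAMPLE = """\
91.64.137.161 - GET - HTTP/1.1 - Sunday, May 3rd 2020 @ 12:35:54 - Mozilla/5.0 (Windows NT 6.3; WOW64; rv:68.0) Gecko/20100101 Firefox/68.0
23.252.241.34 - GET - HTTP/1.1 - Monday, May 4th 2020 @ 16:24:58 - Dispatch/0.11.3
136.243.36.68 - GET - HTTP/1.1 - Monday, May 4th 2020 @ 01:13:36 - Mozilla/5.0 (compatible; vebidoobot/1.0; +https://blog.vebidoo.de/vebidoobot/)
"""

# Assumption: a simplified IPv4-only stand-in for Fail2Ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
POSTED_FAILREGEX = r"^<HOST> .* GET"

# Field layout: ip - method - protocol - timestamp - user agent
LINE = re.compile(
    r"^(?P<ip>\S+) - (?P<method>[A-Z]+) - (?P<proto>HTTP/\d(?:\.\d)?) - "
    r"(?P<ts>\w+, \w+ \d{1,2}(?:st|nd|rd|th) \d{4} @ \d{2}:\d{2}:\d{2}) - (?P<ua>.*)$"
)

def posted_regex_host(line):
    """Return the host the posted failregex captures, or None."""
    m = re.search(POSTED_FAILREGEX.replace("<HOST>", HOST), line)
    return m.group("host") if m else None

def parse_line(line):
    """Split one blackhole.dat line into typed fields; None if malformed."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    try:
        ip = ip_address(m["ip"])
        # strptime has no directive for "3rd"/"4th", so drop the ordinal suffix.
        ts = re.sub(r"(?<=\d)(st|nd|rd|th)\b", "", m["ts"])
        when = datetime.strptime(ts, "%A, %B %d %Y @ %H:%M:%S")
    except ValueError:
        return None
    return {"ip": str(ip), "method": m["method"], "proto": m["proto"],
            "time": when, "ua": m["ua"]}

def summarize(text):
    """(ip, timestamp, posted-regex-matched?) for each parseable line."""
    rows = [(parse_line(l), posted_regex_host(l)) for l in text.splitlines()]
    return [(r["ip"], r["time"], h == r["ip"]) for r, h in rows if r]

if __name__ == "__main__":
    for ip, when, matched in summarize(SAMPLE):
        print(ip, when.isoformat(), "failregex-match" if matched else "no-match")
```

A match here covers only the expression itself; Fail2Ban also has to recognise each line's timestamp, for which filters have a `datepattern` option. The `fail2ban-regex` tool runs a filter against a real log file.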

 
