SourceForge source: download the additional filters for the fail2ban firewall here (click here)!

I have prepared some of my personal filters for the Fail2Ban firewall: Apache custom, WordPress, an error filter, mod_evasive (DDoS protection), and so on.


Installing the iptables Linux firewall for a web server, ufw (the uncomplicated firewall for Linux) and the fail2ban firewall for web applications:

sudo iptables -L
sudo ip6tables -L

sudo nano /tmp/v4

Copy the directives below into /tmp/v4. If you do not use Postfix or any other mail program, you do not need the mail (SMTP) rules!!! In that case DELETE THE WHOLE MAIL BLOCK, so that the file still ends with -A FORWARD -j REJECT and COMMIT below it. Then save the file:

*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Port 22 is already accepted above, so the two rate-limit rules below
# only take effect if that rule is removed.
-A INPUT -p tcp -m state --state NEW -m recent --dport 22 --set --name ssh --rsource
-A INPUT -p tcp -m state --state NEW -m recent --dport 22 ! --rcheck --seconds 60 --hitcount 6 --name ssh --rsource -j ACCEPT
# -------------- MAIL - e-mail ports:
#SMTP
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
#IMAP(S)
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
#POP(S)
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
# Log and reject everything else. These rules must stay last,
# because a rule placed after an unconditional REJECT never matches.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT

Create one more file, /tmp/v6:

sudo nano /tmp/v6

Copy the directives below into /tmp/v6 and save the file:

*filter
# Allow all loopback (lo0) traffic and reject traffic
# to localhost that does not originate from lo0.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s ::1/128 -j REJECT
# Allow ICMP
-A INPUT -p icmpv6 -m state --state NEW -j ACCEPT
# Allow HTTP and HTTPS connections from anywhere
# (the normal ports for web servers).
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
# Allow inbound traffic from established connections.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log what was incoming but denied (optional but useful).
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "ip6tables_INPUT_denied: " --log-level 7
# Reject all other inbound.
-A INPUT -j REJECT
# Log any traffic which was sent to you
# for forwarding (optional but useful).
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "ip6tables_FORWARD_denied: " --log-level 7
# Reject all traffic forwarding.
-A FORWARD -j REJECT
COMMIT
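
A check worth running on /tmp/v4 and /tmp/v6 before they are loaded, as an added example that is not part of the original page: rules copied from a web page often pick up typographic dashes and curly quotes that iptables-restore rejects, and any rule placed after an unconditional REJECT in the same chain never matches. The function names and the sample rules are constructed for this illustration.

```python
# Characters that web pages and word processors substitute for ASCII "-" and '"'.
TYPOGRAPHIC = {
    "\u2013": "en dash", "\u2014": "em dash",
    "\u201c": "left curly quote", "\u201d": "right curly quote",
}
ASCII_FIX = str.maketrans({"\u2013": "-", "\u2014": "-",
                           "\u201c": '"', "\u201d": '"'})
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def is_unconditional(tokens):
    """True for a rule with no match options, e.g. '-A INPUT -j REJECT'."""
    if len(tokens) < 4 or tokens[2] != "-j" or tokens[3] not in TERMINAL:
        return False
    rest = tokens[4:]
    return rest == [] or (len(rest) == 2 and rest[0] == "--reject-with")


def lint_rules(text):
    """Return [(line number, message)] for an iptables-restore rules file."""
    findings = []
    closed = {}  # chain name -> line of its unconditional terminal rule
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", ":")) or line == "COMMIT":
            continue
        if line.startswith("*"):  # a new table starts: reset the chain state
            closed = {}
            continue
        bad = sorted({TYPOGRAPHIC[c] for c in line if c in TYPOGRAPHIC})
        if bad:
            findings.append((lineno, "typographic character: " + ", ".join(bad)))
        # Normalise the line so the ordering check still works on a mangled paste.
        tokens = line.translate(ASCII_FIX).split()
        if len(tokens) < 2 or tokens[0] != "-A":
            continue
        chain = tokens[1]
        if chain in closed:
            findings.append((lineno, f"unreachable: {chain} already ends with "
                                     f"the rule on line {closed[chain]}"))
        elif is_unconditional(tokens):
            closed[chain] = lineno
    return findings


# Constructed sample: line 3 has en dashes, line 4 curly quotes, and the
# port 25 rule on line 6 sits after the unconditional REJECT on line 5.
SAMPLE = """*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -\u2013dport 80 -m state -\u2013state NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix \u201cdenied: \u201d
-A INPUT -j REJECT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A FORWARD -j REJECT
COMMIT
"""

if __name__ == "__main__":
    for lineno, message in lint_rules(SAMPLE):
        print(f"line {lineno}: {message}")
```
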

Now simply load the iptables rules:

sudo iptables-restore < /tmp/v4
sudo ip6tables-restore < /tmp/v6

sudo apt-get install iptables-persistent

# ANSWER YES TO EVERY QUESTION DURING INSTALLATION!!!

sudo reboot

# CHECK iptables
sudo iptables -vL
sudo ip6tables -vL

A few handy commands:
sudo systemctl is-enabled netfilter-persistent.service
sudo systemctl enable netfilter-persistent.service
sudo systemctl status netfilter-persistent.service
sudo systemctl restart netfilter-persistent.service

sudo /sbin/iptables-restore < /etc/iptables/rules.v4
sudo /sbin/ip6tables-restore < /etc/iptables/rules.v6
sudo sh -c '/sbin/iptables-save > /etc/iptables/rules.v4'
sudo sh -c '/sbin/ip6tables-save > /etc/iptables/rules.v6'

Blocking an IP from the terminal with iptables (-I inserts the rule at the top of the chain; a rule appended with -A would land after the ACCEPT and REJECT rules loaded above and never match):
sudo iptables -I INPUT -s [IPAddress] -j DROP
sudo iptables -I INPUT -m iprange --src-range [IPSTART]-[IPEND] -j DROP
sudo iptables -I INPUT -i eth1 -s [SUBNET ADDRESS] -j DROP
sudo iptables -I INPUT -i [eth0 wlan0... Interface Name] -s [IPAddress] -j DROP

I have also prepared something for the Webmin iptables (Linux firewall) module:

Now a better variant of the iptables firewall configuration for Linux operating systems: download the zip file iptableswebmin.zip and transfer both files, iptables.up.rules and ip6tables.up.rules, into the /etc/ directory, for example with the Webmin File Manager!!!

In Webmin, open "Networking" and then "Linux Firewall" in the right-hand menu. You will now find all the directives and blocks there, and you can add rules as you go, closing networks or opening your ports as you wish. To edit the files iptables.up.rules and ip6tables.up.rules, open the Webmin File Manager ("Others", then "File Manager" in the right-hand menu), open the /etc/ directory, and in the top right corner click File and then Upload to current directory (NOT ZIPPED: UNPACK THEM ON YOUR COMPUTER FIRST AND UPLOAD BOTH). That is all. To comment out (#) or uncomment directives, use the File Manager's Edit file function and adjust each one to your needs. Note that I have included a number of equivalent directives to make them easier to understand!

Install the Fail2Ban application on your Linux server: informational commands

Example: in your Linux terminal, install Fail2Ban and also UFW, the uncomplicated firewall application for Ubuntu Linux:

sudo apt-get update -y && sudo apt-get upgrade -y
sudo apt-get install ufw
sudo apt-get install fail2ban

Initial UFW configuration. If you do not run e-mail, you do not need to open the mail ports. Where the IP and port 22 appear, enter the IP of the computer or network you connect from, usually your Mac or Windows laptop, smartphone, tablet, etc.:

sudo ufw allow 80
sudo ufw allow 443
sudo ufw limit ssh/tcp
sudo ufw allow 25
sudo ufw allow 110
sudo ufw allow 143
sudo ufw allow 465
sudo ufw allow 587
sudo ufw allow 993
sudo ufw allow 995
sudo ufw allow 1080
sudo ufw allow 8080
sudo ufw allow 8888
sudo ufw allow 10000
sudo ufw allow from 192.168.0.200 to any port 22

sudo ufw enable
sudo ufw status

Getting started with the Fail2Ban configuration; for the commands see https://www.fail2ban.org/wiki/

sudo service fail2ban restart
sudo service fail2ban start
sudo service fail2ban status
sudo iptables -L -n --line
sudo service fail2ban stop
sudo fail2ban-client set recidive unbanip 107.170.186.79
sudo fail2ban-client set apache-auth unbanip 198.16.66.155
sudo fail2ban-client set wordpress unbanip 104.236.195.72
sudo fail2ban-client set webmin-auth unbanip 89.212.137.96
etc. ... to unban a blocked IP in a particular f2b jail!!!
sudo apt-get install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

[sshd]
mode    = aggressive
enabled = true
port    = ssh
filter  = sshd
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 6
bantime = -1
banaction = %(banaction_allports)s

[apache-auth]
enabled  = true
filter   = apache-auth
port     = http,https
logpath  = %(apache_error_log)s
maxretry = 3
bantime  = 1h
banaction = %(banaction_allports)s

[apache-badbots]
enabled = true
filter  = apache-badbots
port    = http,https
logpath = %(apache_access_log)s
maxretry = 2
bantime  = 3h
banaction = %(banaction_allports)s

[apache-noscript]
enabled = true
filter  = apache-noscript
port    = http,https
logpath = %(apache_error_log)s
maxretry = 2
bantime  = 3h
banaction = %(banaction_allports)s

[apache-overflows]
enabled = true
filter  = apache-overflows
port    = http,https
logpath = %(apache_error_log)s
maxretry = 2
bantime  = 3h
banaction = %(banaction_allports)s

[apache-nohome]
enabled = true
filter  = apache-nohome
port     = http,https
logpath  = %(apache_error_log)s
maxretry = 2
bantime = 3h
banaction = %(banaction_allports)s

[apache-botsearch]
enabled = true
filter  = apache-botsearch
port     = http,https
logpath  = %(apache_error_log)s
maxretry = 2
bantime = 3h
banaction = %(banaction_allports)s

[apache-fakegooglebot]
enabled = true
filter  = apache-fakegooglebot
port     = http,https
logpath  = %(apache_access_log)s
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
maxretry = 2
bantime = 3h
banaction = %(banaction_allports)s

[apache-modsecurity]
enabled = true
filter  = apache-modsecurity
port    = http,https
logpath = %(apache_error_log)s
maxretry = 2
bantime = 3h
banaction = %(banaction_allports)s

[apache-shellshock]
enabled = true
filter  = apache-shellshock
port    = http,https
logpath = %(apache_error_log)s
maxretry = 2
bantime = 3h
banaction = %(banaction_allports)s

[apache-myadmin]
enabled = true
filter  = apache-myadmin
port = http,https
#logpath = /var/log/apache2/access.log
logpath = %(apache_access_log)s
action = iptables-multiport[name=apache-myadmin, port="http,https", protocol=tcp]
maxretry = 6
bantime = -1
banaction = %(banaction_allports)s

[php-url-fopen]
enabled = true
filter = php-url-fopen
port = http,https
logpath = %(apache_access_log)s
maxretry = 1
bantime	= 48h
banaction = %(banaction_allports)s

[mysqld-auth]
enabled  = true
filter   = mysqld-auth
maxretry = 2
bantime = -1
findtime = 86400
port     = 3306
logpath  = %(mysql_log)s
backend  = %(mysql_backend)s

[pam-generic]
# pam-generic filter can be customized to monitor specific subset of 'tty's
banaction = %(banaction_allports)s
logpath  = %(syslog_authpriv)s
backend  = %(syslog_backend)s
maxretry = 6
bantime = -1
findtime = 864000
enabled  = true
filter   = pam-generic

[recidive]
enabled  = true
filter   = recidive
maxretry = 3
findtime = 2d
bantime  = 2w
logpath  = /var/log/fail2ban.log
banaction = %(banaction_allports)s

[phpmyadmin-syslog]
port    = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
enabled  = true
filter   = phpmyadmin-syslog

[http-dos]
enabled = true
filter = http-dos 
port = http,https
logpath = %(apache_access_log)s
maxretry = 300
findtime = 300
bantime = 1h
banaction = %(banaction_allports)s
#action = iptables-multiport[name=http-dos, port="http,https"]
# 12h=43200 24h=86400 48h=172800 6h=21600 32h=115200

[wordpress]
enabled = true
filter = wordpress
port = http,https
logpath = %(apache_access_log)s
maxretry = 12
bantime = -1
banaction = %(banaction_allports)s
# Sets the time window in which the failures are counted: 10800 seconds, or enter
# 1h (hours), 2d (days), 3w (weeks) as you wish; a ban of -1 means forever!!!
#findtime = 10800
#action    = iptables-multiport[name=wordpress, port="http,https"]

Apache phpMyAdmin filter.d: fail2ban protection for your phpMyAdmin:

sudo nano /etc/fail2ban/filter.d/apache-myadmin.conf

Copy the protective directives below into the apache-myadmin filter:

[Definition]

failregex = .*\[client <HOST>:[0-9]+\] phpmyadmin: authentification failed.*
	    [[]client <HOST>[]] File does not exist: /\S*phpmyadmin*
            [[]client <HOST>[]] File does not exist: /\S*phpMyAdmin*
            [[]client <HOST>[]] File does not exist: /\S*PMA*
            [[]client <HOST>[]] File does not exist: /\S*pma*
            [[]client <HOST>[]] File does not exist: /\S*admin*
            [[]client <HOST>[]] File does not exist: /\S*dbadmin*
            [[]client <HOST>[]] File does not exist: /\S*sql*
            [[]client <HOST>[]] File does not exist: /\S*mysql*
            [[]client <HOST>[]] File does not exist: /\S*myadmin*
            [[]client <HOST>[]] File does not exist: /\S*MyAdmin*
            [[]client <HOST>[]] File does not exist: /\S*phpmyadmin2*
            [[]client <HOST>[]] File does not exist: /\S*phpMyAdmin2*
            [[]client <HOST>[]] File does not exist: /\S*phpMyAdmin-2*
            [[]client <HOST>[]] File does not exist: /\S*php-my-admin*
            [[]client <HOST>[]] File does not exist: /\S*sqlmanager*
            [[]client <HOST>[]] File does not exist: /\S*mysqlmanager*
            [[]client <HOST>[]] File does not exist: /\S*PMA2005*
            [[]client <HOST>[]] File does not exist: /\S*pma2005*
            [[]client <HOST>[]] File does not exist: /\S*phpmanager*
            [[]client <HOST>[]] File does not exist: /\S*php-myadmin*
            [[]client <HOST>[]] File does not exist: /\S*phpmy-admin*
            [[]client <HOST>[]] File does not exist: /\S*webadmin*
            [[]client <HOST>[]] File does not exist: /\S*sqlweb*
            [[]client <HOST>[]] File does not exist: /\S*websql*
            [[]client <HOST>[]] File does not exist: /\S*webdb*
            [[]client <HOST>[]] File does not exist: /\S*mysqladmin*
            [[]client <HOST>[]] File does not exist: /\S*mysql-admin*
ignoreregex =

The fail2ban filter.d/http-dos.conf filter for GET and POST attacks on the site. In this example, 300 requests in 300 seconds lead to a ban of 1 hour; set the filter's parameters in jail.local to suit yourself:

sudo nano /etc/fail2ban/filter.d/http-dos.conf

Copy the directives below into http-dos.conf, save, and restart fail2ban:

[Definition]

failregex = ^<HOST> -.*"(GET|POST).* 

ignoreregex =

sudo service fail2ban restart

sudo service fail2ban status

In jail.local, simply add the directive below at the end: 300 GET or POST requests, or a mix of both, in 300 seconds lead to a ban of 1 hour; use higher values if you like:

[http-dos]
enabled = true
filter = http-dos 
port = http,https
logpath = %(apache_access_log)s
maxretry = 300
findtime = 300
bantime = 1h
banaction = %(banaction_allports)s

A better option than the module above is to install the Apache modsecurity or Apache evasive module:

sudo apt-get install libapache2-mod-evasive

sudo mkdir /var/log/mod_evasive/
sudo chown www-data:www-data /var/log/mod_evasive/
sudo nano /etc/apache2/mods-enabled/evasive.conf

<IfModule mod_evasive20.c>
DOSHashTableSize 3079
DOSPageCount 24
DOSSiteCount 90
#DOSPageInterval 1
#DOSSiteInterval 1
#DOSBlockingPeriod 10

#DOSEmailNotify "root@domain.com"
#DOSSystemCommand "/bin/sleep 10; /bin/rm /var/log/mod_evasive/dos-%s"
DOSLogDir "/var/log/mod_evasive/"

DOSWhitelist 127.0.*.*
DOSWhitelist 192.168.*.*
</IfModule>

Fail2Ban integration:

sudo nano /etc/fail2ban/filter.d/apache-mod_evasive.local

[Definition]
failregex = mod_evasive.*: Blacklisting address <HOST>: possible DoS attack.
ignoreregex =

sudo nano /etc/fail2ban/jail.local

[apache-mod_evasive]
enabled = true
filter = apache-mod_evasive
logpath = %(syslog_daemon)s
maxretry = 1
bantime = 1h
banaction = %(banaction_allports)s
#action = %(action_mwl)s   

 

Testing the Apache directives and restarting:

sudo apache2ctl configtest
sudo apache2ctl -t
sudo apache2ctl graceful
sudo service apache2 reload
sudo service apache2 restart

Add-on: protecting the WordPress login with the Fail2Ban app, the Linux firewall:

sudo nano /etc/fail2ban/jail.local

For example, copy the directives below to the end of jail.local. You can adjust them as you wish; with the current setting, failing the login 12 times gets you blocked forever:

[wordpress]
enabled = true
filter = wordpress
port = http,https
logpath = %(apache_access_log)s
maxretry = 12
bantime = -1
banaction = %(banaction_allports)s
# Sets the time window in which the failures are counted: 10800 seconds, or enter
# 1h (hours), 2d (days), 3w (weeks) as you wish; a ban of -1 means forever!!!
#findtime = 10800
#action    = iptables-multiport[name=wordpress, port="http,https"]

Now create a new filter, to be called wordpress.conf

sudo nano /etc/fail2ban/filter.d/wordpress.conf

Copy the directives below into wordpress.conf:

[Definition]
            
failregex = ^<HOST> .* "POST .*wp-login.php
            ^<HOST> .* "POST .*xmlrpc.php
#            ^<HOST> .* "POST .*/prijava/*
# Where it says e.g. /prijava/, put your own WordPress login page
            
ignoreregex = 
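
How the [wordpress] jail and this filter behave together, as an added example that is not part of the original page: the two failregex lines are applied to constructed Apache access-log lines and matches are counted per host in a sliding findtime window. It assumes a simplified IPv4-only stand-in for fail2ban's <HOST> tag and, because the jail above leaves findtime commented out, the stock default of 10 minutes. It also shows that the pattern looks only at the request path, so a successful login (status 302) counts as a hit too.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption of this
# example; the real tag also matches IPv6 addresses and host names).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
TIMESTAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")

# failregex lines exactly as given in wordpress.conf on this page.
WORDPRESS_FAILREGEX = [
    r'^<HOST> .* "POST .*wp-login.php',
    r'^<HOST> .* "POST .*xmlrpc.php',
]


def matched_hits(lines, failregex):
    """Yield (time, host) for every log line that any failregex matches."""
    patterns = [re.compile(rx.replace("<HOST>", HOST)) for rx in failregex]
    for line in lines:
        stamp = TIMESTAMP.search(line)
        if stamp is None:
            continue
        for pattern in patterns:
            hit = pattern.search(line)
            if hit:
                when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S")
                yield when, hit.group("host")
                break


def find_bans(lines, failregex, maxretry, findtime):
    """Return {host: ban time} for hosts with maxretry hits in findtime seconds."""
    recent = defaultdict(deque)
    bans = {}
    for when, host in matched_hits(lines, failregex):
        if host in bans:
            continue
        window = recent[host]
        window.append(when)
        # Drop hits that have fallen out of the findtime window.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[host] = when
    return bans


def access_line(host, second, request, status):
    """Build one constructed access-log line, `second` seconds after 12:00:00."""
    minute, sec = divmod(second, 60)
    return (f'{host} - - [10/Mar/2024:12:{minute:02d}:{sec:02d} +0000] '
            f'"{request} HTTP/1.1" {status} 512 "-" "constructed-agent"')


def build_sample():
    """Constructed traffic from three documentation-range addresses."""
    events = []
    # Password guessing: 12 login POSTs, 5 seconds apart.
    events += [(s, access_line("203.0.113.7", s, "POST /wp-login.php", 200))
               for s in range(0, 60, 5)]
    # A staff member: opens the login page, then logs in successfully (302).
    events.append((3, access_line("198.51.100.20", 3, "GET /wp-login.php", 200)))
    events.append((10, access_line("198.51.100.20", 10, "POST /wp-login.php", 302)))
    # A slow client: 12 xmlrpc POSTs, one every 100 seconds.
    events += [(s, access_line("192.0.2.50", s, "POST /xmlrpc.php", 200))
               for s in range(0, 1200, 100)]
    return [line for _, line in sorted(events)]


if __name__ == "__main__":
    sample = build_sample()
    for findtime in (600, 10800):
        bans = find_bans(sample, WORDPRESS_FAILREGEX, maxretry=12, findtime=findtime)
        print(f"findtime={findtime}: banned {sorted(bans)}")
```

With the 10-minute window only the fast client reaches 12 hits; with findtime = 10800, the value in the commented-out line of the jail, the slow client is banned as well.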

Next is enabling the jail for your FTP account, if you have installed a server. Go through the whole jail.local file and enable only the filters for applications that are installed on your server. Do not enable pointless f2b filters: if you do not have, say, an FTP program or Webmin (e.g. port 10000), do not enable its filter.

enabled = true
filter = ime-filtra

For further server protection, see the documentation on our direct-download and file-exchange pages, PCS – NET Portorož – HCS@2000 Perc Scripts 1999 Slovenia. All the information is available in PDF or DOC form!!!

Additional protection: the DDL Enigma web application, i.e. direct downloads via sFTP over the WWW:

You can use Fail2Ban to protect every application on your server: webmail, FTP accounts, and so on. In short, every web application can be protected very well with the Fail2Ban firewall working together with UFW. An example follows below. If you have installed the DDL Enigma program, do not forget to change the table prefix during installation: replace ddl_ with anything of your own, e.g. mojetabele_

Now that you have installed the application on your server, create a new filter.d file for Fail2Ban, to be called ddlenigma.conf. If you installed the direct file download application in, say, the server directory /home/www/prenosi/, then in failregex you must enter, in place of pot-mapa-prenosi, just .* "POST .*/prenosi/*; for another directory, e.g. /htdocs/ddlenigma/, enter just .* "POST .*/ddlenigma/* as the filter protecting the login page. Copy the directives below into filter.d/ddlenigma.conf. If you do not use an extra directory for DDL Enigma and it is installed as the only web app, i.e. /htdocs/index.php, THEN LEAVE OUT THE FIRST DIRECTIVE ^<HOST> .* "POST .*/pot-mapa-prenosi/*: DELETE IT AND ALL THE DIRECTIVES BELOW loginpage.php!!!

[Definition]
failregex = ^<HOST> .* "POST .*/pot-mapa-prenosi/*
            ^<HOST> .* "POST .*/index.php?login 
            ^<HOST> .* "POST .*index.php
            ^<HOST> .* "POST .*login.php
            ^<HOST> .* "POST .*process.php
            ^<HOST> .* "POST .*loginpage.php
            <HOST> - - \[(\d{2})/\w{3}/\d{4}:\1:\1:\1 -\d{4}\] "POST /pot-mapa-prenosi/* HTTP/1.1" 200
            <HOST> - - \[(\d{2})/\w{3}/\d{4}:\1:\1:\1 -\d{4}\] "POST /pot-mapa-prenosi/index.php?login HTTP/1.1" 200
            ^<HOST> .* "POST /pot-mapa-prenosi/index.php?login 

ignoreregex =   

# This would be set up in action.d, but it is not needed; it depends on your
# server configuration and protection - there are many ways to do it...
#actionstart =
#actionstop =
#actioncheck =
#actionban = ufw insert 1 deny from <ip> to any
#actionunban = ufw delete deny from <ip> to any

Now we have saved our filter protecting downloads and file exchange: FTP accounts and web downloads of applications of up to 2048 megabytes per file via PHP data transport to FTP. Otherwise, direct FTP accounts have no per-file limit, so 1 TB and more per file is possible. Read the instructions for using and configuring the PHP scripts and for connecting them to your FTP accounts carefully. Integrating the direct file downloads with the Fail2Ban jail.local filters, enabling ddlenigma:

sudo nano /etc/fail2ban/jail.local

At the end of jail.local, copy the directives below to enable the program and its filters in Fail2Ban:

[ddlenigma]
enabled	= true
filter = ddlenigma
port = http,https
logpath = %(apache_access_log)s
maxretry = 6
bantime = -1
banaction = %(banaction_allports)s
action = iptables-multiport[name=ddlenigma, port="http,https"]
#findtime = 12

This means you are now as well protected as a Siberian bear. Do not forget, if you use e.g. your own Linux webmail, a tip: install only these programs:

Example of what you need installed for your Linux web server, for the WordPress CMS or any other web application:

sudo apt-get update -y && sudo apt-get upgrade -y
sudo apt-get install apache2 -y
sudo apt-get install php libapache2-mod-php php-ssh2 php-apcu php-smbclient php-imagick libmagickcore-dev -y
sudo apt-get install mariadb-client mariadb-server php-mysql php-mbstring -y
sudo apt-get install phpmyadmin -y

sudo nano /etc/php/7.3/apache2/php.ini
max_execution_time = 60
memory_limit = 256M 
post_max_size = 512M
upload_max_filesize = 2048M
log_errors = On
error_log = /var/log/php/error.log
# save, then create the log directory, e.g. with these commands:

sudo mkdir -p /var/log/php
sudo chown www-data /var/log/php

*******************************

# Fail2Ban, the simple way:
sudo apt-get install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

## PHP 7.4
sudo apt install apt-transport-https -y

sudo apt-get -y install apt-transport-https lsb-release ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg

sudo sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'

sudo apt update

sudo apt install php7.4 php7.4-common php7.4-cli

sudo apt install php7.4-curl php7.4-json php7.4-gd php7.4-mbstring php7.4-intl php7.4-bcmath php7.4-bz2 php7.4-readline php7.4-zip
sudo apt install libapache2-mod-php7.4

## Or the modules:
sudo apt install php7.4-{common,mysql,xml,xmlrpc,curl,gd,imagick,cli,dev,imap,mbstring,opcache,soap,zip,intl,bcmath} -y



# Let's Encrypt certificate (USA) installation
sudo apt-get install python-certbot-apache certbot
sudo apt-get install certbot
certbot --apache
sudo certbot --apache certonly
sudo certbot renew --dry-run


# Apache restart commands
sudo /etc/init.d/apache2 restart
sudo service apache2 restart
sudo apache2ctl configtest
sudo apache2ctl -t
sudo apache2ctl graceful
sudo /etc/init.d/apache2 restart

Now set up your server for e-mail as well. Postfix developer info, basic settings:

http://www.postfix.org/BASIC_CONFIGURATION_README.html

sudo apt-get install ssmtp -y && sudo apt-get install mailutils -y && sudo apt-get install mpack -y && sudo apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql -y && sudo apt-get install telnet -y

Answer Yes to everything, internet mail!!!

Optional FTP server installation: choose one of proftpd, pure-ftpd or vsftpd as you prefer. Example of generating a certificate for your FTP account:

sudo apt-get install proftpd -y
sudo openssl req -x509 -nodes -days 9990 -newkey rsa:2048 -keyout /etc/ssl/private/proftpd.pem -out /etc/ssl/private/proftpd.pem

sudo apt-get install pure-ftpd -y
sudo openssl req -x509 -nodes -days 9990 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

sudo apt-get install vsftpd -y
sudo nano /etc/vsftpd.conf
# PERC CUSTOM - change the path and user name to your own details
ssl_enable=YES
local_enable=YES
chroot_local_user=YES
local_root=/home/www/wordpress
user_sub_token=uporabnik123linux
write_enable=YES
local_umask=002
allow_writeable_chroot=YES
ftpd_banner=Ciao na mojem FTP servisu.

sudo service vsftpd restart

No-ip.com: free DDNS domains, Linux installation. If you do not have a static network address at home, this is excellent for business or personal use:

You must use SUDO SU: install the app as ROOT !!!

root@mojserverlinux:~ $ cd /usr/local/src/

cd /usr/local/src/

sudo wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz

tar xf noip-duc-linux.tar.gz

sudo rm noip-duc-linux.tar.gz

cd noip-2.1.9-1/

sudo make install

### Now just copy the directive sudo noip2 into rc.local
cd /etc/
sudo nano rc.local
# Insert the command below and save the file
sudo noip2

# reboot Linux
sudo reboot
sudo shutdown -r now

# Check that everything works correctly
sudo noip2 -S

Additional Fail2Ban filter.d directives for errors, i.e. for IPs that receive the 403 page. An example of a custom configuration; NOT REQUIRED:

Create a new filter for attacks and unauthorised requests on your server: it blocks every IP that, in this example, receives the page error.html or napaka.html, i.e. the 403 page: UNAUTHORISED ACCESS

sudo nano /etc/fail2ban/filter.d/napaka.conf

Add the directives below, i.e. your 400, 401 and 403 pages, to the Fail2Ban filter.d file napaka.conf (enter your own error document for 400, 401 and 403!!!):

[Definition]

failregex = ^<HOST> .* "GET .*error.html
            ^<HOST> .* "GET .*napaka.html
            ^<HOST> .* "GET .* HTTP/1.1" 403
            <HOST> - - \[(\d{2})/\w{3}/\d{4}:\1:\1:\1 -\d{4}\] "GET /* HTTP/1.1" 403
            <HOST> - - \[(\d{2})/\w{3}/\d{4}:\1:\1:\1 -\d{4}\] "GET /error.html HTTP/1.1" 200
            <HOST> - - \[(\d{2})/\w{3}/\d{4}:\1:\1:\1 -\d{4}\] "GET /napaka.html HTTP/1.1" 200
            
            ^<HOST> -.* "GET /error.html .* 
            ^<HOST> .* "GET .*/* HTTP/1.1" 403
            ^<HOST> .* "GET .*/* HTTP/1.1" 400
            ^<HOST> .* "GET .*/* HTTP/1.1" 401
#            \[89.212.137.96]\  \[.*]\ \[.*]\ \[3]\ \[<HOST>]\.* "GET / HTTP/1.1" 403

ignoreregex =  

Now enable your error filter in jail.local (fail2ban):

sudo nano /etc/fail2ban/jail.local

Add the napaka filter below at the end; every IP that receives the UNAUTHORISED 403 page 24 times gets a BAN FOR TWO DAYS:

[napaka]
enabled	= true
filter = napaka
port = http,https
logpath	= %(apache_access_log)s
maxretry = 24
bantime = 1h
action = iptables-multiport[name=napaka, port="http,https"]
banaction = %(banaction_allports)s

 

 

Now also protect key directories and applications through an .htaccess file: copy the directives below into every directory you want to protect from access, saving them in a file named .htaccess!!!

sudo nano /var/www/potstrani/mapa/.htaccess
#AuthUserFile /dev/null
#AuthGroupFile /dev/null
#AuthName "PCSNET Admin Access Control"
#AuthType Basic

<LIMIT GET HEAD POST>
order deny,allow
deny from all
# whitelist PiramideStudioNET address
allow from 192.168.0.1
allow from 192.168.0.100
allow from 192.168.0.101
allow from 192.168.0.106
allow from 192.168.0.200
allow from 198.77.77.177
allow from 197.77.77.177
allow from 93.103.113.142
allow from 89.212.137.96
deny from all
</Limit>
ErrorDocument 403 https://oglasi.hopto.org/error3.html
ErrorDocument 400 https://oglasi.hopto.org/error0.html
ErrorDocument 401 https://oglasi.hopto.org/error1.html
ErrorDocument 402 https://oglasi.hopto.org/error2.html
ErrorDocument 404 https://oglasi.hopto.org/error4.html
ErrorDocument 500 https://oglasi.hopto.org/error5.html
# Set your error pages here. All of this is already done if
# you use the Apache general config module =
# /etc/apache2/conf-available/localized-error-pages.conf
# open that file and uncomment the section further down that holds
# the error pages, or enter your own
# e.g. HTML error pages!!!!

<Files .htaccess>
Order allow,deny
Deny from all
</Files>

# Deny access to all .htaccess files
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

Options All -Indexes

AddLanguage sl .sl

If you add the directives above, "Options All -Indexes", to your .htaccess, nobody outside your network can scan your network or access this directory; anyone who tries is sent to the error.html page, i.e. 403 !!! For WordPress, Joomla and Drupal, download a ready-made .htaccess from our DDL Enigma site (direct downloads and file exchange)!!!

An example .htaccess setup that lets only Slovenian computers reach your directories or web applications. This does not mean that nobody will try to hack you through the Slovenian proxies or VPNs that hackers make use of! Again, copy the directives below into an .htaccess file and upload it to the directories you want to protect:

Apache 2.0 .htaccess configuration - allow only Slovenian networks
<Files .htaccess>
Order allow,deny
Deny from all
</Files>

# Deny access to all .htaccess files
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>

Options All -Indexes

<Limit GET HEAD POST>
order deny,allow
allow from 89.212.137.96
allow from 93.103.113.142
allow from 5.32.136.0/21
allow from 5.157.72.0/21
allow from 5.249.176.0/20
allow from 31.6.59.0/24
allow from 31.7.192.0/19
allow from 31.15.128.0/17
allow from 32.106.114.0/24
allow from 32.112.59.0/24
allow from 34.99.184.0/23
allow from 34.103.136.0/23
allow from 34.103.200.0/23
allow from 37.1.89.128/25
allow from 37.18.224.0/20
allow from 37.19.64.0/21
allow from 37.230.133.0/24
allow from 37.252.224.0/24
allow from 38.28.1.68/32
allow from 38.28.1.247/32
allow from 45.10.240.0/22
allow from 45.15.64.0/22
allow from 45.138.220.0/22
allow from 45.138.244.0/22
allow from 45.138.252.0/22
allow from 45.141.168.0/22
allow from 45.146.232.0/22
allow from 45.147.136.0/22
allow from 45.149.92.0/22
allow from 45.157.4.0/22
allow from 45.157.252.0/22
allow from 45.158.60.0/22
allow from 45.158.236.0/22
allow from 46.19.8.0/24
allow from 46.19.9.0/25
allow from 46.19.9.136/29
allow from 46.19.9.144/28
allow from 46.19.9.160/27
allow from 46.19.9.192/26
allow from 46.19.10.0/24
allow from 46.19.11.0/25
allow from 46.19.11.128/26
allow from 46.19.11.216/29
allow from 46.19.11.224/27
allow from 46.19.12.0/22
allow from 46.23.0.0/20
allow from 46.54.128.0/17
allow from 46.122.0.0/15
allow from 46.150.32.0/19
allow from 46.151.232.0/21
allow from 46.163.3.0/24
allow from 46.163.4.0/22
allow from 46.163.8.0/21
allow from 46.163.16.0/20
allow from 46.163.32.0/20
allow from 46.163.48.224/28
allow from 46.163.52.0/24
allow from 46.163.56.0/23
allow from 46.163.60.56/29
allow from 46.163.60.64/29
allow from 46.164.0.0/18
allow from 46.182.224.0/21
allow from 46.248.64.0/19
allow from 46.254.0.0/21
allow from 46.254.56.0/21
allow from 46.254.144.0/21
allow from 57.90.224.0/20
allow from 62.40.96.10/32
allow from 62.40.96.23/32
allow from 62.40.98.17/32
allow from 62.40.98.28/31
allow from 62.40.98.33/32
allow from 62.40.98.38/32
allow from 62.40.124.5/32
allow from 62.40.124.6/32
allow from 62.40.126.237/32
allow from 62.40.126.238/32
allow from 62.67.191.120/30
allow from 62.84.224.0/20
allow from 63.167.237.196/32
allow from 77.38.0.0/17
allow from 77.73.104.0/22
allow from 77.94.128.0/21
allow from 77.94.136.0/22
allow from 77.94.140.0/23
allow from 77.94.142.0/24
allow from 77.94.143.0/29
allow from 77.94.143.16/28
allow from 77.94.143.32/27
allow from 77.94.143.64/26
allow from 77.94.143.128/25
allow from 77.94.144.0/20
allow from 77.111.0.0/18
allow from 77.234.128.0/19
allow from 78.153.32.0/19
allow from 80.95.224.0/20
allow from 80.246.224.0/20
allow from 80.247.77.98/32
allow from 81.17.224.0/22
allow from 81.92.241.112/29
allow from 82.149.0.0/19
allow from 82.192.32.0/19
allow from 82.214.64.0/21
allow from 82.214.72.0/22
allow from 82.214.79.0/24
allow from 82.214.120.0/22
allow from 82.214.124.0/23
allow from 83.97.88.13/32
allow from 83.97.88.14/32
allow from 83.97.89.62/31
allow from 84.20.224.0/19
allow from 84.39.208.0/20
allow from 84.41.0.0/22
allow from 84.41.4.0/25
allow from 84.41.4.128/28
allow from 84.41.4.160/27
allow from 84.41.4.192/26
allow from 84.41.5.0/24
allow from 84.41.6.0/23
allow from 84.41.8.0/21
allow from 84.41.16.0/20
allow from 84.41.32.0/19
allow from 84.41.64.0/19
allow from 84.41.96.0/21
allow from 84.41.104.0/29
allow from 84.41.104.48/28
allow from 84.41.104.104/29
allow from 84.41.104.112/28
allow from 84.41.104.128/29
allow from 84.41.104.168/29
allow from 84.41.104.184/29
allow from 84.41.104.200/29
allow from 84.41.108.0/29
allow from 84.41.108.24/29
allow from 84.41.108.32/27
allow from 84.41.108.64/27
allow from 84.41.108.112/28
allow from 84.41.108.144/28
allow from 84.41.108.160/28
allow from 84.41.108.192/28
allow from 84.41.108.232/29
allow from 84.41.108.248/29
allow from 84.41.110.0/27
allow from 84.41.110.40/29
allow from 84.41.110.48/28
allow from 84.41.110.64/26
allow from 84.41.110.128/25
allow from 84.41.111.0/24
allow from 84.41.112.0/24
allow from 84.41.114.0/24
allow from 84.41.115.224/27
allow from 84.41.116.32/28
allow from 84.41.116.80/29
allow from 84.41.116.96/29
allow from 84.41.116.200/29
allow from 84.41.116.224/28
allow from 84.41.117.32/29
allow from 84.41.117.48/28
allow from 84.41.117.80/28
allow from 84.41.117.96/27
allow from 84.41.117.144/29
allow from 84.41.117.160/28
allow from 84.41.117.232/29
allow from 84.41.117.240/28
allow from 84.41.118.32/28
allow from 84.41.118.56/29
allow from 84.41.118.192/28
allow from 84.41.118.224/27
allow from 84.41.119.16/28
allow from 84.41.119.32/29
allow from 84.41.119.48/29
allow from 84.41.119.64/26
allow from 84.41.119.128/28
allow from 84.41.119.144/29
allow from 84.41.119.160/27
allow from 84.41.119.192/28
allow from 84.41.119.208/29
allow from 84.41.119.224/29
allow from 84.41.119.240/28
allow from 84.41.124.0/22
allow from 84.52.128.0/18
allow from 84.255.192.0/18
allow from 85.10.0.0/19
allow from 85.10.32.0/20
allow from 85.208.172.0/22
allow from 86.58.0.0/17
allow from 86.61.0.0/18
allow from 86.61.64.0/20
allow from 86.61.80.0/21
allow from 86.61.88.0/22
allow from 86.61.92.0/24
allow from 86.61.95.0/24
allow from 86.61.96.0/19
allow from 87.119.128.0/19
allow from 88.200.0.0/17
allow from 89.31.150.168/31
allow from 89.31.150.170/32
allow from 89.142.0.0/16
allow from 89.143.0.0/17
allow from 89.143.128.0/18
allow from 89.143.192.0/19
allow from 89.143.224.0/20
allow from 89.143.244.0/22
allow from 89.143.248.0/21
allow from 89.212.0.0/16
allow from 89.233.112.0/20
allow from 90.157.128.0/17
allow from 91.132.72.0/23
allow from 91.132.208.0/22
allow from 91.185.192.0/19
allow from 91.195.146.0/23
allow from 91.198.0.0/24
allow from 91.198.52.0/24
allow from 91.198.96.0/24
allow from 91.198.112.0/24
allow from 91.198.190.0/24
allow from 91.198.214.0/24
allow from 91.199.23.0/24
allow from 91.199.61.0/24
allow from 91.199.124.0/24
allow from 91.199.131.0/24
allow from 91.199.142.0/24
allow from 91.199.161.0/24
allow from 91.199.201.0/24
allow from 91.199.235.0/24
allow from 91.202.64.0/22
allow from 91.208.27.0/24
allow from 91.208.88.0/24
allow from 91.208.101.0/24
allow from 91.208.125.0/24
allow from 91.208.168.0/24
allow from 91.208.200.0/24
allow from 91.208.225.0/24
allow from 91.209.18.0/24
allow from 91.209.49.0/24
allow from 91.209.132.0/24
allow from 91.209.145.0/24
allow from 91.209.150.0/24
allow from 91.209.181.0/24
allow from 91.209.188.0/24
allow from 91.209.207.0/24
allow from 91.209.237.0/24
allow from 91.209.251.0/24
allow from 91.212.24.0/24
allow from 91.212.134.0/24
allow from 91.212.199.0/24
allow from 91.212.208.0/24
allow from 91.212.251.0/24
allow from 91.213.80.0/24
allow from 91.213.89.0/24
allow from 91.213.131.0/24
allow from 91.213.147.0/24
allow from 91.213.241.0/24
allow from 91.216.54.0/24
allow from 91.216.74.0/24
allow from 91.216.87.0/24
allow from 91.216.109.0/24
allow from 91.216.172.0/24
allow from 91.217.92.0/23
allow from 91.217.122.0/23
allow from 91.217.126.0/23
allow from 91.217.222.0/24
allow from 91.217.255.0/24
allow from 91.220.55.0/24
allow from 91.220.78.0/24
allow from 91.220.107.0/24
allow from 91.220.119.0/24
allow from 91.220.156.0/24
allow from 91.220.194.0/24
allow from 91.220.213.0/24
allow from 91.220.221.0/24
allow from 91.220.240.0/24
allow from 91.221.170.0/23
allow from 91.223.26.0/24
allow from 91.223.39.0/24
allow from 91.223.43.0/24
allow from 91.223.49.0/24
allow from 91.223.80.0/24
allow from 91.223.113.0/24
allow from 91.223.115.0/24
allow from 91.223.166.0/24
allow from 91.223.174.0/24
allow from 91.223.182.0/24
allow from 91.223.189.0/24
allow from 91.223.193.0/24
allow from 91.223.197.0/24
allow from 91.223.230.0/24
allow from 91.223.238.0/24
allow from 91.224.172.0/23
allow from 91.224.238.0/23
allow from 91.225.96.0/22
allow from 91.226.77.0/24
allow from 91.226.246.0/24
allow from 91.227.43.0/24
allow from 91.227.110.0/23
allow from 91.228.207.0/24
allow from 91.229.72.0/24
allow from 91.230.90.0/24
allow from 91.230.238.0/24
allow from 91.232.234.0/24
allow from 91.232.239.0/24
allow from 91.233.163.0/24
allow from 91.235.82.0/24
allow from 91.235.242.0/24
allow from 91.236.1.0/24
allow from 91.237.33.0/24
allow from 91.237.132.0/22
allow from 91.239.96.0/23
allow from 91.239.193.0/24
allow from 91.240.52.0/22
allow from 91.240.216.0/24
allow from 91.245.193.0/24
allow from 91.246.224.0/19
allow from 92.37.0.0/17
allow from 92.53.128.0/18
allow from 92.60.70.0/32
allow from 92.60.70.2/32
allow from 92.60.70.4/32
allow from 92.60.70.6/31
allow from 92.60.70.8/29
allow from 92.60.70.16/29
allow from 92.60.70.24/32
allow from 92.60.70.26/32
allow from 92.60.70.28/30
allow from 92.60.70.32/28
allow from 92.60.70.48/31
allow from 92.60.70.54/31
allow from 92.60.70.56/29
allow from 92.60.70.64/29
allow from 92.60.70.72/31
allow from 92.60.70.76/30
allow from 92.60.70.80/28
allow from 92.60.70.96/27
allow from 92.60.70.128/25
allow from 92.60.72.0/22
allow from 92.60.79.0/24
allow from 92.63.16.0/20
allow from 92.119.72.0/22
allow from 92.244.64.0/19
allow from 92.249.28.0/24
allow from 93.103.0.0/16
allow from 94.103.64.0/20
allow from 94.103.244.0/22
allow from 94.127.24.0/21
allow from 94.140.64.0/19
allow from 95.87.128.0/18
allow from 95.143.85.120/29
allow from 95.143.144.0/20
allow from 95.159.192.0/18
allow from 95.176.128.0/17
allow from 109.123.0.0/18
allow from 109.127.192.0/18
allow from 109.182.0.0/16
allow from 109.202.120.0/21
allow from 109.239.176.0/20
allow from 113.29.79.0/32
allow from 128.90.175.0/24
allow from 130.117.1.106/32
allow from 130.117.2.82/32
allow from 130.117.48.73/32
allow from 130.117.48.82/32
allow from 130.117.51.65/32
allow from 130.117.51.66/32
allow from 130.244.33.85/32
allow from 130.244.61.25/32
allow from 139.92.33.1/32
allow from 139.92.116.1/32
allow from 141.29.0.0/17
allow from 141.29.128.0/19
allow from 141.29.160.0/22
allow from 141.29.165.0/24
allow from 141.29.166.0/23
allow from 141.29.168.0/21
allow from 141.29.176.0/20
allow from 141.29.192.0/19
allow from 141.29.224.0/21
allow from 141.29.232.0/22
allow from 141.29.237.0/24
allow from 141.29.238.0/23
allow from 141.29.240.0/20
allow from 141.255.192.0/18
allow from 145.14.4.0/22
allow from 145.14.8.0/21
allow from 145.14.48.0/21
allow from 146.212.0.0/16
allow from 146.247.24.0/21
allow from 147.78.216.0/22
allow from 149.5.192.1/32
allow from 149.5.192.32/29
allow from 149.6.52.0/30
allow from 149.6.52.8/29
allow from 149.6.52.17/32
allow from 149.6.52.21/32
allow from 149.6.52.24/30
allow from 149.6.52.29/32
allow from 149.6.52.33/32
allow from 149.6.52.37/32
allow from 149.6.52.40/29
allow from 149.6.52.49/32
allow from 149.6.52.53/32
allow from 149.6.52.61/32
allow from 149.6.52.64/27
allow from 149.6.52.96/28
allow from 149.6.52.112/29
allow from 149.11.116.5/32
allow from 149.11.154.1/32
allow from 149.62.64.0/18
allow from 149.126.128.0/19
allow from 152.89.232.0/22
allow from 153.5.0.0/16
allow from 154.25.3.9/32
allow from 154.25.3.10/32
allow from 154.25.3.37/32
allow from 154.25.3.38/32
allow from 154.25.3.45/32
allow from 154.25.3.46/32
allow from 154.25.3.85/32
allow from 154.25.3.86/32
allow from 154.25.3.89/32
allow from 154.25.3.90/32
allow from 154.25.3.101/32
allow from 154.25.3.102/32
allow from 154.25.3.105/32
allow from 154.25.3.106/32
allow from 154.25.4.77/32
allow from 154.25.4.78/32
allow from 154.25.5.33/32
allow from 154.25.5.34/32
allow from 154.25.5.37/32
allow from 154.25.5.38/32
allow from 154.26.32.69/32
allow from 154.26.32.72/31
allow from 154.26.32.74/32
allow from 154.26.32.78/32
allow from 154.26.32.115/32
allow from 154.26.48.69/32
allow from 154.26.48.72/31
allow from 154.26.48.74/32
allow from 154.26.48.78/32
allow from 154.26.48.115/32
allow from 154.54.21.68/32
allow from 154.54.21.247/32
allow from 154.54.33.17/32
allow from 154.54.48.85/32
allow from 154.54.48.229/32
allow from 154.54.62.241/32
allow from 154.54.62.242/32
allow from 157.167.74.0/24
allow from 162.254.84.160/27
allow from 163.159.0.0/16
allow from 164.8.0.0/16
allow from 176.52.128.0/19
allow from 176.57.92.0/22
allow from 176.76.0.0/16
allow from 176.105.240.0/22
allow from 178.58.0.0/16
allow from 178.79.64.0/18
allow from 178.172.0.0/17
allow from 178.216.56.0/21
allow from 185.13.52.0/22
allow from 185.24.36.0/22
allow from 185.28.8.0/22
allow from 185.29.16.0/22
allow from 185.30.136.0/22
allow from 185.33.48.0/22
allow from 185.41.176.0/22
allow from 185.45.42.16/28
allow from 185.49.0.0/22
allow from 185.49.116.0/22
allow from 185.53.12.0/22
allow from 185.54.128.0/23
allow from 185.54.131.0/24
allow from 185.56.222.0/24
allow from 185.57.16.0/22
allow from 185.57.144.0/22
allow from 185.57.224.0/23
allow from 185.57.226.0/25
allow from 185.57.226.128/29
allow from 185.57.226.137/32
allow from 185.57.226.138/31
allow from 185.57.226.140/30
allow from 185.57.226.144/28
allow from 185.57.226.160/27
allow from 185.57.226.192/26
allow from 185.57.227.0/24
allow from 185.58.180.0/22
allow from 185.59.24.0/22
allow from 185.60.116.0/22
allow from 185.66.148.0/22
allow from 185.69.148.0/22
allow from 185.71.172.0/22
allow from 185.72.28.0/22
allow from 185.72.60.0/22
allow from 185.72.104.0/22
allow from 185.73.4.0/22
allow from 185.74.90.0/24
allow from 185.78.240.0/22
allow from 185.79.228.0/22
allow from 185.81.28.0/22
allow from 185.84.100.0/22
allow from 185.85.148.0/22
allow from 185.92.176.0/22
allow from 185.92.228.0/24
allow from 185.92.230.0/23
allow from 185.92.232.0/22
allow from 185.93.104.0/22
allow from 185.97.52.0/22
allow from 185.97.68.0/22
allow from 185.99.24.224/30
allow from 185.99.26.224/30
allow from 185.114.144.0/22
allow from 185.128.248.0/24
allow from 185.128.250.0/23
allow from 185.133.184.0/22
allow from 185.146.253.0/24
allow from 185.146.254.0/23
allow from 185.148.72.0/22
allow from 185.153.24.0/22
allow from 185.153.169.4/32
allow from 185.153.169.10/32
allow from 185.173.52.0/22
allow from 185.175.0.0/22
allow from 185.178.224.0/22
allow from 185.179.48.0/22
allow from 185.179.216.0/22
allow from 185.185.88.0/22
allow from 185.187.8.0/22
allow from 185.190.83.0/24
allow from 185.194.185.112/28
allow from 185.195.156.0/22
allow from 185.205.116.0/22
allow from 185.206.184.0/22
allow from 185.221.56.0/22
allow from 185.236.192.0/22
allow from 188.64.24.0/21
allow from 188.64.104.0/21
allow from 188.119.104.0/22
allow from 188.196.0.0/14
allow from 188.230.128.0/17
allow from 192.84.90.0/24
allow from 192.84.95.0/24
allow from 192.84.97.0/24
allow from 192.84.99.0/24
allow from 192.84.101.0/24
allow from 192.84.102.0/23
allow from 192.84.104.0/24
allow from 192.84.107.0/24
allow from 192.84.109.0/24
allow from 192.160.15.0/24
allow from 193.0.244.0/24
allow from 193.2.0.0/16
allow from 193.9.12.0/24
allow from 193.9.19.0/24
allow from 193.9.21.0/24
allow from 193.9.52.0/22
allow from 193.16.109.0/24
allow from 193.16.152.0/24
allow from 193.17.1.0/24
allow from 193.17.227.0/24
allow from 193.23.49.0/24
allow from 193.23.62.0/24
allow from 193.23.137.0/24
allow from 193.24.248.0/24
allow from 193.26.26.0/24
allow from 193.26.220.0/24
allow from 193.28.14.0/24
allow from 193.28.43.0/24
allow from 193.28.51.0/24
allow from 193.28.54.0/24
allow from 193.28.146.0/24
allow from 193.35.111.0/24
allow from 193.36.40.0/24
allow from 193.41.35.0/24
allow from 193.41.36.0/24
allow from 193.41.89.0/24
allow from 193.46.71.0/24
allow from 193.46.75.0/24
allow from 193.47.136.0/24
allow from 193.77.0.0/16
allow from 193.95.192.0/18
allow from 193.104.10.0/24
allow from 193.104.23.0/24
allow from 193.104.134.0/24
allow from 193.104.236.0/24
allow from 193.104.240.0/24
allow from 193.105.22.0/24
allow from 193.105.67.0/24
allow from 193.105.115.0/24
allow from 193.105.127.0/24
allow from 193.109.124.0/24
allow from 193.109.227.0/24
allow from 193.110.14.0/23
allow from 193.110.145.0/24
allow from 193.111.192.0/23
allow from 193.111.220.0/22
allow from 193.138.1.0/24
allow from 193.138.2.0/23
allow from 193.138.9.0/24
allow from 193.138.32.0/19
allow from 193.142.116.0/24
allow from 193.142.149.0/24
allow from 193.164.137.0/24
allow from 193.164.138.0/23
allow from 193.164.140.0/23
allow from 193.169.48.0/23
allow from 193.178.188.0/24
allow from 193.189.137.0/24
allow from 193.189.160.0/20
allow from 193.189.176.0/22
allow from 193.189.180.0/25
allow from 193.189.180.128/26
allow from 193.189.180.192/27
allow from 193.189.180.224/28
allow from 193.189.180.240/29
allow from 193.189.181.0/24
allow from 193.189.182.0/23
allow from 193.189.184.0/21
allow from 193.194.120.0/23
allow from 193.200.207.0/24
allow from 193.201.45.0/24
allow from 193.201.101.0/24
allow from 193.201.109.0/24
allow from 193.201.165.0/24
allow from 193.201.212.0/22
allow from 193.218.94.0/24
allow from 193.219.100.0/24
allow from 193.219.106.0/24
allow from 193.221.112.0/24
allow from 193.221.115.0/24
allow from 193.228.151.0/24
allow from 193.242.154.0/24
allow from 193.243.140.0/23
allow from 194.0.174.0/23
allow from 194.0.191.0/24
allow from 194.6.237.0/24
allow from 194.6.242.0/24
allow from 194.8.94.0/23
allow from 194.9.29.0/24
allow from 194.10.5.168/29
allow from 194.28.108.0/22
allow from 194.29.83.0/24
allow from 194.33.12.0/24
allow from 194.35.84.0/22
allow from 194.39.85.0/24
allow from 194.40.211.0/24
allow from 194.50.136.0/23
allow from 194.50.138.0/24
allow from 194.50.166.0/24
allow from 194.56.75.0/24
allow from 194.59.182.0/24
allow from 194.59.185.0/24
allow from 194.60.74.0/24
allow from 194.110.199.0/24
allow from 194.110.222.0/24
allow from 194.116.204.0/23
allow from 194.117.124.250/32
allow from 194.117.125.13/32
allow from 194.117.126.191/32
allow from 194.126.197.0/24
allow from 194.152.0.0/19
allow from 194.156.156.0/24
allow from 194.165.96.0/19
allow from 194.176.112.0/24
allow from 194.242.36.0/24
allow from 194.247.162.0/23
allow from 194.249.0.0/16
allow from 195.5.164.0/23
allow from 195.20.142.0/24
allow from 195.35.122.0/24
allow from 195.43.131.0/24
allow from 195.43.133.0/24
allow from 195.47.197.0/24
allow from 195.47.211.0/24
allow from 195.47.213.0/24
allow from 195.47.224.0/24
allow from 195.47.226.0/24
allow from 195.47.228.0/24
allow from 195.47.243.0/24
allow from 195.66.69.0/24
allow from 195.66.107.0/24
allow from 195.69.96.0/22
allow from 195.72.118.0/23
allow from 195.75.215.0/24
allow from 195.75.238.0/26
allow from 195.78.83.0/24
allow from 195.79.24.192/28
allow from 195.80.150.0/24
allow from 195.80.225.0/24
allow from 195.85.192.0/24
allow from 195.88.82.0/23
allow from 195.95.158.0/24
allow from 195.95.161.0/24
allow from 195.95.173.0/24
allow from 195.95.200.0/23
allow from 195.95.204.0/23
allow from 195.112.178.66/32
allow from 195.112.179.67/32
allow from 195.118.206.0/24
allow from 195.128.128.0/24
allow from 195.128.141.0/24
allow from 195.130.194.0/24
allow from 195.138.196.0/24
allow from 195.138.201.0/24
allow from 195.144.26.0/24
allow from 195.149.94.0/24
allow from 195.166.120.144/29
allow from 195.166.120.176/29
allow from 195.170.177.0/24
allow from 195.178.118.0/23
allow from 195.182.61.0/24
allow from 195.190.129.0/24
allow from 195.190.158.0/24
allow from 195.191.96.0/24
allow from 195.200.200.0/24
allow from 195.206.228.0/23
allow from 195.210.192.0/18
allow from 195.216.253.0/24
allow from 195.225.50.0/24
allow from 195.230.121.0/24
allow from 195.234.137.0/24
allow from 195.234.169.0/24
allow from 195.234.179.0/24
allow from 195.234.181.0/24
allow from 195.234.189.0/24
allow from 195.245.72.0/23
allow from 195.245.88.0/23
allow from 195.245.106.0/23
allow from 195.245.208.0/24
allow from 195.245.216.0/24
allow from 195.245.250.0/24
allow from 195.246.0.0/19
allow from 195.248.68.0/24
allow from 195.250.58.0/24
allow from 195.250.192.0/19
allow from 202.163.1.64/29
allow from 209.16.140.0/22
allow from 209.206.23.0/24
allow from 212.13.224.0/20
allow from 212.13.240.0/21
allow from 212.13.248.0/27
allow from 212.13.248.40/29
allow from 212.13.248.48/28
allow from 212.13.248.64/26
allow from 212.13.248.128/25
allow from 212.13.249.0/24
allow from 212.13.250.0/23
allow from 212.13.252.0/22
allow from 212.18.32.0/19
allow from 212.30.64.0/19
allow from 212.44.96.0/19
allow from 212.48.121.0/24
allow from 212.48.127.192/26
allow from 212.53.153.0/24
allow from 212.53.167.0/24
allow from 212.63.175.187/32
allow from 212.72.96.0/19
allow from 212.72.189.0/24
allow from 212.85.160.0/19
allow from 212.93.224.0/19
allow from 212.101.128.0/18
allow from 212.102.152.0/22
allow from 212.103.128.0/22
allow from 212.103.132.0/23
allow from 212.103.134.0/24
allow from 212.103.135.0/25
allow from 212.103.135.128/27
allow from 212.103.135.160/29
allow from 212.103.135.176/28
allow from 212.103.135.192/26
allow from 212.103.136.0/21
allow from 212.103.144.0/21
allow from 212.103.152.0/24
allow from 212.103.153.16/28
allow from 212.103.153.32/27
allow from 212.103.153.64/26
allow from 212.103.153.128/25
allow from 212.103.154.0/23
allow from 212.103.156.0/22
allow from 212.115.96.240/29
allow from 212.118.64.0/19
allow from 212.151.133.5/32
allow from 212.151.133.7/32
allow from 212.151.133.9/32
allow from 212.151.133.11/32
allow from 212.151.133.13/32
allow from 212.151.133.15/32
allow from 212.151.133.17/32
allow from 212.151.133.19/32
allow from 212.151.133.21/32
allow from 212.151.133.23/32
allow from 212.151.182.49/32
allow from 212.151.182.50/32
allow from 212.151.188.101/32
allow from 212.151.188.102/31
allow from 212.151.188.104/32
allow from 212.235.128.0/17
allow from 213.5.112.0/21
allow from 213.39.79.0/24
allow from 213.142.224.0/20
allow from 213.142.240.0/21
allow from 213.143.64.0/19
allow from 213.157.224.0/19
allow from 213.161.0.0/19
allow from 213.172.224.0/19
allow from 213.206.136.216/32
allow from 213.229.192.0/18
allow from 213.250.0.0/20
allow from 213.250.16.0/21
allow from 213.250.24.0/24
allow from 213.250.25.0/25
allow from 213.250.25.128/26
allow from 213.250.25.192/27
allow from 213.250.25.224/28
allow from 213.250.26.0/23
allow from 213.250.28.0/22
allow from 213.250.32.0/19
allow from 213.253.64.0/19
allow from 213.253.96.0/21
allow from 213.253.104.0/22
allow from 213.253.108.0/24
allow from 213.253.110.24/29
allow from 213.253.110.32/28
allow from 213.253.110.56/29
allow from 213.253.110.64/27
allow from 213.253.112.152/29
allow from 213.253.113.56/29
allow from 213.253.113.128/28
allow from 213.253.114.192/27
allow from 213.253.114.224/28
allow from 213.253.116.32/29
allow from 213.253.117.160/29
allow from 213.253.120.0/28
allow from 213.253.120.16/29
allow from 213.253.120.32/27
allow from 213.253.120.104/29
allow from 213.253.120.168/29
allow from 213.253.120.176/29
allow from 213.253.124.0/22
allow from 217.61.252.0/24
allow from 217.72.64.0/19
allow from 217.77.241.224/32
deny from all
</Limit>
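# A full URL makes Apache answer with a redirect, so the client does not
# receive the original status code. Apache's documentation requires
# ErrorDocument 401 to point to a local document, or the password prompt is lost.
ErrorDocument 403 https://oglasi.hopto.org/403.html
ErrorDocument 401 https://oglasi.hopto.org/401.html
ErrorDocument 402 https://oglasi.hopto.org/402.html
ErrorDocument 404 https://oglasi.hopto.org/404.html
ErrorDocument 500 https://oglasi.hopto.org/500.html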

CREATE YOUR OWN ERROR PAGES FOR 403 AND SO ON. IT DOES NOT HAVE TO BE THE SAME PAGE FOR EACH; FOR EXAMPLE YOU CAN HAVE 401.html, 402.html, 403.html, etc.

Save the directives above in an .htaccess file and upload it to, for example, /htdocs/vašamapaaliapp/ (your folder or app). You can copy this .htaccess into several folders, and the problem is solved. Warning: FROM ABROAD YOU WILL NOT BE ABLE TO ACCESS THESE FOLDERS EITHER. TO GET ACCESS FROM ABROAD IN SUCH CASES, USE YOUR OWN PROXY OR ANY OTHER VPN/PROXY SERVER IN SLOVENIA. IT DOES NOT HAVE TO BE YOURS; WHAT MATTERS IS THAT YOU HAVE THE ACCESS CREDENTIALS!

Example of the Fail2Ban ban listing in iptables; always check with the command below:

sudo iptables -L -n --line

fail2ban BANNED, i.e. BLOCKED, IPs. Usually most of them are VPN/proxy servers, commercial or private; nobody is going to break in from their own network, 110%!!! Output of sudo iptables -L -n --line:

Chain f2b-recidive (1 references)
num  target     prot opt source               destination         
1    REJECT     all  --  178.128.104.221      0.0.0.0/0            reject-with icmp-port-unreachable
2    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain f2b-apache-myadmin (1 references)
num  target     prot opt source               destination         
1    REJECT     all  --  85.208.96.17         0.0.0.0/0            reject-with icmp-port-unreachable
2    REJECT     all  --  85.208.96.16         0.0.0.0/0            reject-with icmp-port-unreachable
3    REJECT     all  --  85.208.96.15         0.0.0.0/0            reject-with icmp-port-unreachable
4    REJECT     all  --  85.208.96.14         0.0.0.0/0            reject-with icmp-port-unreachable
5    REJECT     all  --  54.36.149.57         0.0.0.0/0            reject-with icmp-port-unreachable
6    REJECT     all  --  54.36.149.46         0.0.0.0/0            reject-with icmp-port-unreachable
7    REJECT     all  --  54.36.148.85         0.0.0.0/0            reject-with icmp-port-unreachable
8    REJECT     all  --  54.36.148.43         0.0.0.0/0            reject-with icmp-port-unreachable
9    REJECT     all  --  5.101.0.209          0.0.0.0/0            reject-with icmp-port-unreachable
10   REJECT     all  --  221.199.14.245       0.0.0.0/0            reject-with icmp-port-unreachable
11   REJECT     all  --  198.16.76.28         0.0.0.0/0            reject-with icmp-port-unreachable
12   REJECT     all  --  198.16.74.43         0.0.0.0/0            reject-with icmp-port-unreachable
13   REJECT     all  --  198.16.70.53         0.0.0.0/0            reject-with icmp-port-unreachable
14   REJECT     all  --  178.128.126.39       0.0.0.0/0            reject-with icmp-port-unreachable
15   REJECT     all  --  178.128.126.0        0.0.0.0/0            reject-with icmp-port-unreachable
16   REJECT     all  --  104.131.188.187      0.0.0.0/0            reject-with icmp-port-unreachable
17   RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain f2b-http-dos (1 references)
num  target     prot opt source               destination         
1    REJECT     all  --  178.62.89.121        0.0.0.0/0            reject-with icmp-port-unreachable
2    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain f2b-wp-nfw (1 references)
num  target     prot opt source               destination         
1    REJECT     all  --  13.82.55.159         0.0.0.0/0            reject-with icmp-port-unreachable
2    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain f2b-wordpress (1 references)
num  target     prot opt source               destination         
1    REJECT     all  --  178.128.82.122       0.0.0.0/0            reject-with icmp-port-unreachable
2    REJECT     all  --  178.128.117.77       0.0.0.0/0            reject-with icmp-port-unreachable
3    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain f2b-enigma (1 references)
num  target     prot opt source               destination         
1    REJECT     all  --  178.62.106.169       0.0.0.0/0            reject-with icmp-port-unreachable
2    RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain f2b-napaka (1 references)
num  target     prot opt source               destination         
1    REJECT     all  --  93.174.95.106        0.0.0.0/0            reject-with icmp-port-unreachable
2    REJECT     all  --  66.249.75.8          0.0.0.0/0            reject-with icmp-port-unreachable
3    REJECT     all  --  66.249.75.6          0.0.0.0/0            reject-with icmp-port-unreachable
4    REJECT     all  --  66.240.236.119       0.0.0.0/0            reject-with icmp-port-unreachable
5    REJECT     all  --  46.101.89.227        0.0.0.0/0            reject-with icmp-port-unreachable
6    REJECT     all  --  217.182.230.15       0.0.0.0/0            reject-with icmp-port-unreachable
7    REJECT     all  --  198.16.66.157        0.0.0.0/0            reject-with icmp-port-unreachable
8    REJECT     all  --  178.62.93.49         0.0.0.0/0            reject-with icmp-port-unreachable
9    REJECT     all  --  178.128.104.221      0.0.0.0/0            reject-with icmp-port-unreachable
10   REJECT     all  --  177.135.85.114       0.0.0.0/0            reject-with icmp-port-unreachable
11   REJECT     all  --  162.243.246.160      0.0.0.0/0            reject-with icmp-port-unreachable
12   REJECT     all  --  152.67.42.40         0.0.0.0/0            reject-with icmp-port-unreachable
13   REJECT     all  --  150.136.214.147      0.0.0.0/0            reject-with icmp-port-unreachable
14   REJECT     all  --  150.136.154.228      0.0.0.0/0            reject-with icmp-port-unreachable
15   REJECT     all  --  141.145.116.229      0.0.0.0/0            reject-with icmp-port-unreachable
16   REJECT     all  --  132.145.101.248      0.0.0.0/0            reject-with icmp-port-unreachable
17   RETURN     all  --  0.0.0.0/0            0.0.0.0/0  

Remember that the recidive jail will in any case block repeatedly banned IPs for a longer time, in this case 1 week. Configure your own fail2ban as you wish; this is only an example, one of the ways to protect your applications on the net.

For WP or other CMSs and web apps, the best option is to protect everything through the F2B firewall. Example: NinjaFirewall Pro or WP Edition:

Fail2Ban filter for NinjaFirewall WP+ Edition syslog events

The NinjaFirewall (WP+ Edition) plugin is a very fast, reliable Web Application Firewall for WordPress. Fail2Ban is a daemon that scans the server's log files once per second. If it finds evidence of an attack on the server, it can ban the IP address the attack is coming from. This article describes how to add a syslog file filter to Fail2Ban that detects the critical, high and medium security events NinjaFirewall writes to syslog, so that it can ban the attacker's IP address.

tl;dr version: you can get all the files you need from fail2ban-filter-ninjafirewall-syslog on GitHub.

PROCEDURE

First purchase, install and configure the NinjaFirewall WP+ Edition plugin on your WordPress site. Then go to the NinjaFirewall+ | Firewall Log settings page and make sure firewall logging is enabled. Tick the "Also write events to the server Syslog" option and save the settings. NinjaFirewall+ will now store firewall events in your server's syslog file.

Now log in to your web server (assuming you already have Fail2Ban installed and running) and create a new recipe file with the following command …

sudo nano /etc/fail2ban/filter.d/ninjafirewall-syslog.conf

Insert the following text …

[INCLUDES]
after = common.conf

[Definition]
_daemon = ninjafirewall
failregex = \s%(_daemon)s\[[\d]{1,7}\]: (?:(CRITICAL|HIGH|MEDIUM):)\s+(?:(#[\d]{6,7}):) (?:[\w ]+) from <HOST> on\s
ignoreregex =

Then enable the filter by editing or creating the jail.local file with …

sudo nano /etc/fail2ban/jail.local

and insert the following text …

[ninjafirewall-syslog]
port = http,https
filter = ninjafirewall-syslog
logpath = %(syslog_ftp)s
backend = %(syslog_backend)s
maxretry = 2
enabled = true

Keep the maxretry override value low; 2 is good, 1 is too low. Attacks are often distributed, with each IP address used only once. A value of 1 would therefore create a lot of unnecessary IP bans. Heavier attacks or smaller botnets will reuse IP addresses, so a setting of 2 will block those attackers.

Finally, restart the service …

sudo service fail2ban restart
 

TESTING

To test the new filter, run this command …

sudo fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/ninjafirewall-syslog.conf

If the syslog file contains entries from NinjaFirewall, fail2ban-regex will show you the number of matches.
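The filter's failregex and the maxretry advice above can be dry-run offline. The following is an added example, not part of the original article or the filter's repository: it expands the failregex from ninjafirewall-syslog.conf and applies it to constructed syslog lines. The log line format is inferred from the regex itself, and the `<HOST>` expansion is a simplified stand-in for fail2ban's own; all lines are assumed to fall within one findtime window.

```python
import ipaddress
import re
from collections import Counter

# failregex copied from ninjafirewall-syslog.conf on this page.
FAILREGEX = (r"\s%(_daemon)s\[[\d]{1,7}\]: (?:(CRITICAL|HIGH|MEDIUM):)\s+"
             r"(?:(#[\d]{6,7}):) (?:[\w ]+) from <HOST> on\s")

# Simplified stand-in for fail2ban's <HOST> expansion (assumption): capture a
# token, then validate it as an IP address with the ipaddress module.
HOST_GROUP = r"(?P<host>[0-9A-Fa-f:.]+)"

# Constructed sample lines (documentation address ranges, invented messages).
SAMPLE_SYSLOG = [
    "Mar  3 10:15:02 web1 ninjafirewall[12345]: CRITICAL: #1234567: "
    "Blocked SQL injection from 203.0.113.7 on example.com",
    "Mar  3 10:15:09 web1 ninjafirewall[12345]: HIGH: #7654321: "
    "Blocked PHP code from 203.0.113.7 on example.com",
    "Mar  3 10:16:40 web1 ninjafirewall[12346]: MEDIUM: #2345678: "
    "Suspicious request from 198.51.100.23 on example.com",
    # LOW severity is not in the (CRITICAL|HIGH|MEDIUM) alternation.
    "Mar  3 10:17:11 web1 ninjafirewall[12346]: LOW: #3456789: "
    "Information event from 192.0.2.50 on example.com",
    # The hyphen is outside [\w ]+, so this line is silently skipped.
    "Mar  3 10:18:00 web1 ninjafirewall[12347]: HIGH: #4567890: "
    "Cross-site scripting from 192.0.2.99 on example.com",
    # Another daemon's line must never match.
    "Mar  3 10:18:30 web1 sshd[999]: Failed password for root "
    "from 192.0.2.77 port 22 ssh2",
]


def compile_failregex(template=FAILREGEX, daemon="ninjafirewall"):
    """Expand %(_daemon)s and <HOST> in the filter's failregex."""
    expanded = template.replace("%(_daemon)s", re.escape(daemon))
    return re.compile(expanded.replace("<HOST>", HOST_GROUP))


def match_hosts(lines, pattern):
    """Return the source IP of every line the filter counts as a failure."""
    hosts = []
    for line in lines:
        m = pattern.search(line)
        if not m:
            continue
        try:
            hosts.append(str(ipaddress.ip_address(m.group("host"))))
        except ValueError:
            continue  # the token after "from" was not an IP address
    return hosts


def hosts_to_ban(hosts, maxretry):
    """A host is banned once its failure count reaches maxretry."""
    counts = Counter(hosts)
    return sorted(ip for ip, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    found = match_hosts(SAMPLE_SYSLOG, compile_failregex())
    print("matched:", found)
    print("banned with maxretry=2:", hosts_to_ban(found, 2))
    print("banned with maxretry=1:", hosts_to_ban(found, 1))
```

Running real NinjaFirewall log lines through the same functions shows which message texts the `[\w ]+` part of the regex misses before the jail is enabled.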

If any IP addresses are currently banned, you can see them by running this command …

sudo iptables -L

PRECAUTIONS FOR CACHING AND PROXY SERVICES

When your web server is accessed through a caching or proxy service such as CloudFlare, the connecting IP address in an attack will be the IP address of the proxy server. Banning the connecting IP address can make your site unreachable for part or all of the Internet. Simply banning the client's real IP address will not help either, because that IP address would most likely never connect directly to your site. In this case you may not want to use this Fail2Ban filter at all.

Another option is to configure a CloudFlare action for the ninjafirewall-syslog filter. See the example implementation in the articles CloudFlare REST API V4 Fail2Ban and NinjaFirewall Fail2Ban AUTH filter.

TROUBLESHOOTING

If fail2ban will not restart after you have edited the configuration files, you can try starting it manually with verbose reporting enabled to find out where it fails on startup.

fail2ban-client -vvv -x start

Once you have fixed all the errors in the configuration files, run it again as a service.

fail2ban-client -x stop
service fail2ban start

You can get the latest version of Fail2Ban NinjaFirewall WP from the GitHub repository.


sudo nano /etc/fail2ban/filter.d/ninjafirewall.conf

Insert the following text …

[INCLUDES]
after = common.conf

[Definition]
_daemon = ninjafirewall

failregex = ^%(__prefix_line)sPossible brute-force attack from <HOST> on

ignoreregex =

 

sudo nano /etc/fail2ban/jail.local

and insert the following text …

[ninjafirewall]
port = http,https
filter = ninjafirewall
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
maxretry = 1
bantime = 6h
#action = %(action_mwl)s
banaction = %(banaction_allports)s
enabled = true

Some of my personal fail2ban filters for WordPress and other custom Apache bad bots…

