Pripravil sem vam nekaj mojih osebnih filtrov za Fail2Ban požarni zid, Apache Custom, WordPress, Error oz. filter za napake, mod_evasive oz. DDoS zaščita, itd…
Namestitev IPTables Požarni zid Linux za WEB Server ufw nekomplicirani požarni zid za linux ter fail2ban požarni zid za spletne aplikacije:
Kopirajte v datoteko /tmp/v4 spodnje direktive, če ne uporabljate npr. PostFix ali katerikoli drugi program za Pošto ne rabi dajat filtra MAIL SMTP!!! ZBRIŠITE VSE DO COMMIN, SE PRAVI OSTANE -A FORWARD -j REJECT IN POL SPODAJ COMMIT, VSE TO SHRANITE:
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT
-A INPUT -p tcp -–dport 22 -m state -–state NEW -j ACCEPT
-A INPUT -p tcp -–dport 80 -m state -–state NEW -j ACCEPT
-A INPUT -p tcp -–dport 443 -m state -–state NEW -j ACCEPT
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m limit -–limit 5/min -j LOG -–log-prefix “iptables_INPUT_denied: ” -–log-level 7
-A FORWARD -m limit -–limit 5/min -j LOG -–log-prefix “iptables_FORWARD_denied: ” -–log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
-A INPUT -p icmp -m state -–state NEW -–icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m recent --dport 22 --set --name ssh --rsource
-A INPUT -p tcp -m state --state NEW -m recent --dport 22 ! --rcheck --seconds 60 --hitcount 6 --name ssh --rsource -j ACCEPT
# -------------- MAIL - Elektronska pošta porti:
#SMTP
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
#IMAP(S)
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT
#POP(S)
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
COMMIT
Kreiraj še eno datoteko /tmp/v6
sudo nano /tmp/v6
Kopirajte v datoteko /tmp/v6 spodnje direktive in shrani datoteko:
*filter
# Allow all loopback (lo0) traffic and reject traffic
# to localhost that does not originate from lo0.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s ::1/128 -j REJECT
# Allow ICMP
-A INPUT -p icmpv6 -m state -–state NEW -j ACCEPT
# Allow HTTP and HTTPS connections from anywhere
# (the normal ports for web servers).
-A INPUT -p tcp -–dport 80 -m state -–state NEW -j ACCEPT
-A INPUT -p tcp -–dport 443 -m state -–state NEW -j ACCEPT
# Allow inbound traffic from established connections.
-A INPUT -m state -–state ESTABLISHED,RELATED -j ACCEPT
# Log what was incoming but denied (optional but useful).
-A INPUT -m limit -–limit 5/min -j LOG -–log-prefix “ip6tables_INPUT_denied: ” -–log-level 7
# Reject all other inbound.
-A INPUT -j REJECT
# Log any traffic which was sent to you
# for forwarding (optional but useful).
-A FORWARD -m limit -–limit 5/min -j LOG -–log-prefix “ip6tables_FORWARD_denied: ” -–log-level 7
# Reject all traffic forwarding.
-A FORWARD -j REJECT
COMMIT
Nekaj priročnih komand:
sudo systemctl is-enabled netfilter-persistent.service
sudo systemctl enable netfilter-persistent.service
sudo systemctl status netfilter-persistent.service
sudo systemctl restart netfilter-persistent.service
sudo /sbin/iptables-restore < /etc/iptables/rules.v4
sudo /sbin/ip6tables-restore < /etc/iptables/rules.v6
sudo /sbin/iptables-save > /etc/iptables/rules.v4
sudo /sbin/ip6tables-save > /etc/iptables/rules.v6
Blokada IP preko terminala iptables:
sudo iptables -A INPUT -s [IPNaslov] -j DROP
sudo iptables -A INPUT -m iprange –src-range [IPSTART]-[IPEND] -j DROP
sudo iptables -i eth1 -A INPUT -s [PODMREŽAIP SUBNET ADDRESS] -j DROP
sudo iptables -A INPUT -i [eth0 wlan0... Interface Name] -s [IPNaslov] -j DROP
Pripravil sem vam še za WEBMin iptables oz. Linux Požarni zid:
Zdaj boljša varinta konfiguracije iptables požarni zid za Linux operacijske sisteme, prenesite si zip datoteko iptableswebmin.zip ter obe datoteke se pravi iptables.up.rules in ip6tables.up.rules npr. preko WEBMin File Manager prenesete v mapo /etc/ !!!
Pojdite v WEBmin desni meni “Networking” in “Linux Firewall” tukaj zdaj boste imeli vse direktive in blokade, lahko dopisujete sproti zapirate omrežja ali pa odpirate vaše porte po želji… Za urejat datoteke iptables.up.rules in ip6tables.up.rules odprete WEBMin File Manager desni meni “Others” in “File Manager” odprete mapo /etc/ ter kliknete z desnem zgornjem kotu File in Upload to current directory (NE ZAZIPANE, ODPAKIRAJTE JIH PREJ V VAŠEM RAČUNALNIKU IN PRENESITE OBE) to bo vse. Za komentirat # ali odkomentirat direktive uporabite File Manager Edit file, in vsako po sebaj uredite po svoje, pozor pripravil sem vam večje število enakih direktiv za boljše razumevanje!
Začetna konfiguracija UFW – Če nimate e-pošte ne rabi sprostit portov tem kjer je IP in port 22 vpišite svoj IP računalnika ali omrežja iz katerega se povezujete – ponavadi vaš prenosnik MAC ali Windows – Pametni telefon, Tablika, itd. operacijski sistem:
sudo service fail2ban restart
sudo service fail2ban start
sudo service fail2ban status
sudo iptables -L -n --line
sudo service fail2ban stop
sudo fail2ban-client set recidive unbanip 107.170.186.79
sudo fail2ban-client set apache-auth unbanip 198.16.66.155
sudo fail2ban-client set wordpress unbanip 104.236.195.72
sudo fail2ban-client set webmin-auth unbanip 89.212.137.96
itd... odblokirat Blokiran IP v določenem filtru f2b!!!
Kopiraj v filter apache-myadmin zaščitne direktive to spodaj:
[Definition]
failregex = .*\[client <HOST>:[0-9]+\] phpmyadmin: authentification failed.*
[[]client <HOST>[]] File does not exist: /\S*phpmyadmin*
[[]client <HOST>[]] File does not exist: /\S*phpMyAdmin*
[[]client <HOST>[]] File does not exist: /\S*PMA*
[[]client <HOST>[]] File does not exist: /\S*pma*
[[]client <HOST>[]] File does not exist: /\S*admin*
[[]client <HOST>[]] File does not exist: /\S*dbadmin*
[[]client <HOST>[]] File does not exist: /\S*sql*
[[]client <HOST>[]] File does not exist: /\S*mysql*
[[]client <HOST>[]] File does not exist: /\S*myadmin*
[[]client <HOST>[]] File does not exist: /\S*MyAdmin*
[[]client <HOST>[]] File does not exist: /\S*phpmyadmin2*
[[]client <HOST>[]] File does not exist: /\S*phpMyAdmin2*
[[]client <HOST>[]] File does not exist: /\S*phpMyAdmin-2*
[[]client <HOST>[]] File does not exist: /\S*php-my-admin*
[[]client <HOST>[]] File does not exist: /\S*sqlmanager*
[[]client <HOST>[]] File does not exist: /\S*mysqlmanager*
[[]client <HOST>[]] File does not exist: /\S*PMA2005*
[[]client <HOST>[]] File does not exist: /\S*pma2005*
[[]client <HOST>[]] File does not exist: /\S*phpmanager*
[[]client <HOST>[]] File does not exist: /\S*php-myadmin*
[[]client <HOST>[]] File does not exist: /\S*phpmy-admin*
[[]client <HOST>[]] File does not exist: /\S*webadmin*
[[]client <HOST>[]] File does not exist: /\S*sqlweb*
[[]client <HOST>[]] File does not exist: /\S*websql*
[[]client <HOST>[]] File does not exist: /\S*webdb*
[[]client <HOST>[]] File does not exist: /\S*mysqladmin*
[[]client <HOST>[]] File does not exist: /\S*mysql-admin*
ignoreregex =
Filter.d fail2ban http-dos.conf za GET – POST na mesto Napade npr. s tem primerom velja 300 zahtevkov v 300 sekundah ban oz. prepoved 1 uro vi si nastavite po svoje local.jail parametre filtra:
sudo nano /etc/fail2ban/filter.d/http-dos.conf
Kopirajte v datoteko http-dos.conf spodnje direktive – shranite in zaženite ponovno fail2ban program:
Npr. na koncu datoteke jail.local kopirajte spodnje direktive to si lahko sami po želji nastavite trenutna nastavitev 12 krat fališ prijavo in si blokiran za vedno:
[wordpress]
enabled = true
filter = wordpress
port = http,https
logpath = %(apache_access_log)s
maxretry = 12
bantime = -1
banaction = %(banaction_allports)s
# Določilo v kolikem času fali 10800 sekund ali vpišete
# 1h ure - 2d dni - 3w tedni po želji vaš ban -1 pomeni za vedno!!!
#findtime = 10800
#action = iptables-multiport[name=wordpress, port="http,https"]
Zdaj še ustvarite novi filter, ki se bo klical wordpress.conf
sudo nano /etc/fail2ban/filter.d/wordpress.conf
Kopirajte v datoteko wordpress.conf spodnje direktive:
[Definition]
failregex = ^<HOST> .* "POST .*wp-login.php
^<HOST> .* "POST .*xmlrpc.php
# ^<HOST> .* "POST .*/prijava/*
# Tam kjer je npr. /prijava/ daste vašo prijavno stran wordpress
ignoreregex =
Drugo, je še aktivacija za vaš FTP račun, če ste namestili server, preglejte celotno datoteko local.jail – vklopite samo filtre aplikacij, ki so nameščene na vašem strežniku, ne vklapljat brezveznih filtrov f2b, če nimate npr. programa oz. app za FTP, ali webmin npr. port 10000 itd…, če aplikacije nimate jo ne vklapljate oz. filtra ne vklopit
enabled = true
filter = ime-filtra
Za dodatne zaščite strežnika si poglejte dokumentacijo na naših straneh za direktne prenose in izmenjavo datotek PCS – NET Portorož – HCS@2000 Perc Scripts 1999 Slovenia – Vse informacije boste dobili v pdf obliki ali doc!!!
Dodatna zaščita Spletna Aplikacija DDL Enigma oz. Direct Downloads sFTP skolzi WWW:
Fail2Ban aplikacijo lahko uporabite za zaščito vsake vaše aplikacije na strežniku WEBMail oz. Pošta, FTP računi,… itd… skratka vse spletne aplikacije se da odlično zaščititi s Požarnim Zidom Fail2Ban v sodelovanju z UFW. Primer spodaj, če ste si namestili DDL Enigma program, ne pozabit pri namestitvi menjat predpono tablefrefix ddl_ zamenjajte pri namestitvi v vašo karkoli npr. mojetabele_
Zdaj. ko ste namestili aplikacijo na vaš strežnik, še ustvarite novi filter.d za Fail2Ban, ki se bo klical ddlenigma.conf – če ste aplikacjo za Direktne Prenose Datotek namestili npr. v mapo na strežniku /home/www/prenosi/ — Pol obvezno railregex vpišete za pot-mapa-prenosi samo .* “POST .*/prenosi/* ali drugo mapo npr. /htdocs/ddlenigma/ vpišete samo .* “POST .*/ddlenigma/* za filter zaščita prijavnega mesta: (Kopirajte spodnje direktive v filter.d/ddlenigma.conf, če ne uporabljate nobene dodatne mape za DDL enigma in je nameščena kot edina WEB App se pravi /htdocs/index.php ??? V TEM PRIMERU SPUSTITE PRVO DIREKTIVO ^ HOST .* “POST .*/pot-mapa-prenosi/* ZBRIŠITE TO IN VSE SPODNJE DIREKTIVE POD loginpage.php!!!
[Definition]
failregex = ^<HOST> .* "POST .*/pot-mapa-prenosi/*
^<HOST> .* "POST .*/index.php?login
^<HOST> .* "POST .*index.php
^<HOST> .* "POST .*login.php
^<HOST> .* "POST .*process.php
^<HOST> .* "POST .*loginpage.php
<HOST> - - \[(\d{2})/\w{3}/\d{4}:\1:\1:\1 -\d{4}\] "POST /pot-mapa-prenosi/* HTTP/1.1" 200
<HOST> - - \[(\d{2})/\w{3}/\d{4}:\1:\1:\1 -\d{4}\] "POST /pot-mapa-prenosi/index.php?login HTTP/1.1" 200
^<HOST> .* "POST /pot-mapa-prenosi/index.php?login
ignoreregex =
# Ta filter bi naredili v action.d, ma ne rabi, odvisno je od vaše
# konfiguracije strežnika in zaščite - načinov je ogromno...
#actionstart =
#actionstop =
#actioncheck =
#actionban = ufw insert 1 deny from <ip> to any
#actionunban = ufw delete deny from <ip> to any
Zdaj ko smo shranili naš filter za zaščito prenosov in izmenjavo datotek FTP računi in spletni prenosi aplikacij do 2048 megabajtov na datoteko preko php transporta podatkov na FTP. Drugače FTP direktno vsi računi nimajo nobenih omejitev na datoteko, se pravi tudi 1 TB in več na datoteko je možen – Preberite si dobro navodila za uporabo in konfiguracijo php skriptov ter povezavo z vašimi FTP računi. Integracija Direktni Prenosi Datotek z Fail2Ban jail.local filtri aktivacija ddlenigma:
sudo nano /etc/fail2ban/jail.local
Na koncu datoteke jail.local Fail2Ban aktivacija programa in filtrov kopirajte spodnje direktive:
To pomeni zdaj, da ste zaščiteni kot sibirski medved, ne pozabit, če uporabljate npr. vašo spletno pošto linux, npr. nasvet namestite si samo te programa:
Primer kaj morate imeti nameščeno za vaš WEB Strežnik Linux – CMS WordPress ali katerakoli druga spletna aplikacija:
cd /usr/local/src/
sudo wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar xf noip-duc-linux.tar.gz
sudo rm noip-duc-linux.tar.gz
cd noip-2.1.9-1/
sudo make install
### Zdaj še samo kopirajte v rc.local direktivo sudo noip2
cd /etc/
sudo nano rc.local
#Vstavi spodnjo komando in shrani datoteko
sudo noip2
#zaštartaj linux
sudo reboot
sudo shutdown -r now
# Preveri če dela vse pravilno
sudo noip2 -S
Dodatne direktive filter.d Fail2Ban za napake oz. IPje, ki prejemajo stran 403 – primer lastna konfiguracija – NI POTREBNO:
Ustvarite si nov filter za napade in neavtorizirane poizvedbe na vašem strežniku – Blokada vseh IP, ki prejmejo s tem primeru stran error.html ali napaka.html oz. stran 403 – NEAVTORIZIRANI PRISTOP
sudo nano /etc/fail2ban/filter.d/napaka.conf
Dodajte spodnje direktive oz. vaše strani 400 – 401 – 403 v filter.d Fail2Ban napaka.conf (vpištite vaš dokument za napake 400, 401 in 403!!!:
Zdaj še ključne mape in aplikacije zaščitite preko .htaccess datoteke tako, da npr. v vsako mapo, ki jo želite zaščititi za dostop kopirate spodnje direktive, shranite to spodaj v .htaccess ime datoteke!!!
sudo nano /var/www/potstrani/mapa/.htaccess
#AuthUserFile /dev/null
#AuthGroupFile /dev/null
#AuthName "PCSNET Admin Access Control"
#AuthType Basic
<LIMIT GET HEAD POST>
order deny,allow
deny from all
# whitelist PiramideStudioNET address
allow from 192.168.0.1
allow from 192.168.0.100
allow from 192.168.0.101
allow from 192.168.0.106
allow from 192.168.0.200
allow from 198.77.77.177
allow from 197.77.77.177
allow from 93.103.113.142
allow from 89.212.137.96
deny from all
</Limit>
ErrorDocument 403 https://oglasi.hopto.org/error3.html
ErrorDocument 400 https://oglasi.hopto.org/error0.html
ErrorDocument 401 https://oglasi.hopto.org/error1.html
ErrorDocument 402 https://oglasi.hopto.org/error2.html
ErrorDocument 404 https://oglasi.hopto.org/error4.html
ErrorDocument 500 https://oglasi.hopto.org/error5.html
# Tukaj določite vaše strani za napake, vse to je že narejeno če
# boste uporabili modul Apache General Config =
# /etc/apache2/conf-available/localized-error-pages.conf
# odprite to datoteko in odkomentirajte spodaj kjer si nahajajo
# error strani ali pa vpišete lahko tudi vaše narejene
# npr. html strani z napakami!!!!
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
# Deny access to all .htaccess files
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
Options All -Indexes
AddLanguage sl .sl
Te gor direktive “Options All -Indexes”, če dodate v vaš .htaccess pomenijo, da nihče izven vašega omrežja ne more skenirati vaše mreže, in ne more dostopati do te mape, če poizkusi dostopati ga vrže na stran error.html oz. 403 !!! Za wordpress-joomla-drupal si poberite že narejen .htaccess in našega mesta DDL Enigma – Direktni prenosi in izmenjava datotek!!!
Primer nastavitve .htaccess datoteke tako, da lahko do vaših map ali spletnih aplikacij dostopajo le slovenski računalniki – to ne pomeni, da vas ne bodo poizkušali hackati preko naših Slovenskih Proxy ali VPN s katerimi se poslužujejo hackerji! spet kopirajte spodnje direktive v .htaccess datoteko in jo prenesite v mape, ki jih želite zaščititi:
Apache 2.0 Konfiguracija .htaccess - Dovoli samo Slovenska omrežja
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
# Deny access to all .htaccess files
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
Options All -Indexes
<Limit GET HEAD POST>
order deny,allow
allow from 89.212.137.96
allow from 93.103.113.142
allow from 5.32.136.0/21
allow from 5.157.72.0/21
allow from 5.249.176.0/20
allow from 31.6.59.0/24
allow from 31.7.192.0/19
allow from 31.15.128.0/17
allow from 32.106.114.0/24
allow from 32.112.59.0/24
allow from 34.99.184.0/23
allow from 34.103.136.0/23
allow from 34.103.200.0/23
allow from 37.1.89.128/25
allow from 37.18.224.0/20
allow from 37.19.64.0/21
allow from 37.230.133.0/24
allow from 37.252.224.0/24
allow from 38.28.1.68/32
allow from 38.28.1.247/32
allow from 45.10.240.0/22
allow from 45.15.64.0/22
allow from 45.138.220.0/22
allow from 45.138.244.0/22
allow from 45.138.252.0/22
allow from 45.141.168.0/22
allow from 45.146.232.0/22
allow from 45.147.136.0/22
allow from 45.149.92.0/22
allow from 45.157.4.0/22
allow from 45.157.252.0/22
allow from 45.158.60.0/22
allow from 45.158.236.0/22
allow from 46.19.8.0/24
allow from 46.19.9.0/25
allow from 46.19.9.136/29
allow from 46.19.9.144/28
allow from 46.19.9.160/27
allow from 46.19.9.192/26
allow from 46.19.10.0/24
allow from 46.19.11.0/25
allow from 46.19.11.128/26
allow from 46.19.11.216/29
allow from 46.19.11.224/27
allow from 46.19.12.0/22
allow from 46.23.0.0/20
allow from 46.54.128.0/17
allow from 46.122.0.0/15
allow from 46.150.32.0/19
allow from 46.151.232.0/21
allow from 46.163.3.0/24
allow from 46.163.4.0/22
allow from 46.163.8.0/21
allow from 46.163.16.0/20
allow from 46.163.32.0/20
allow from 46.163.48.224/28
allow from 46.163.52.0/24
allow from 46.163.56.0/23
allow from 46.163.60.56/29
allow from 46.163.60.64/29
allow from 46.164.0.0/18
allow from 46.182.224.0/21
allow from 46.248.64.0/19
allow from 46.254.0.0/21
allow from 46.254.56.0/21
allow from 46.254.144.0/21
allow from 57.90.224.0/20
allow from 62.40.96.10/32
allow from 62.40.96.23/32
allow from 62.40.98.17/32
allow from 62.40.98.28/31
allow from 62.40.98.33/32
allow from 62.40.98.38/32
allow from 62.40.124.5/32
allow from 62.40.124.6/32
allow from 62.40.126.237/32
allow from 62.40.126.238/32
allow from 62.67.191.120/30
allow from 62.84.224.0/20
allow from 63.167.237.196/32
allow from 77.38.0.0/17
allow from 77.73.104.0/22
allow from 77.94.128.0/21
allow from 77.94.136.0/22
allow from 77.94.140.0/23
allow from 77.94.142.0/24
allow from 77.94.143.0/29
allow from 77.94.143.16/28
allow from 77.94.143.32/27
allow from 77.94.143.64/26
allow from 77.94.143.128/25
allow from 77.94.144.0/20
allow from 77.111.0.0/18
allow from 77.234.128.0/19
allow from 78.153.32.0/19
allow from 80.95.224.0/20
allow from 80.246.224.0/20
allow from 80.247.77.98/32
allow from 81.17.224.0/22
allow from 81.92.241.112/29
allow from 82.149.0.0/19
allow from 82.192.32.0/19
allow from 82.214.64.0/21
allow from 82.214.72.0/22
allow from 82.214.79.0/24
allow from 82.214.120.0/22
allow from 82.214.124.0/23
allow from 83.97.88.13/32
allow from 83.97.88.14/32
allow from 83.97.89.62/31
allow from 84.20.224.0/19
allow from 84.39.208.0/20
allow from 84.41.0.0/22
allow from 84.41.4.0/25
allow from 84.41.4.128/28
allow from 84.41.4.160/27
allow from 84.41.4.192/26
allow from 84.41.5.0/24
allow from 84.41.6.0/23
allow from 84.41.8.0/21
allow from 84.41.16.0/20
allow from 84.41.32.0/19
allow from 84.41.64.0/19
allow from 84.41.96.0/21
allow from 84.41.104.0/29
allow from 84.41.104.48/28
allow from 84.41.104.104/29
allow from 84.41.104.112/28
allow from 84.41.104.128/29
allow from 84.41.104.168/29
allow from 84.41.104.184/29
allow from 84.41.104.200/29
allow from 84.41.108.0/29
allow from 84.41.108.24/29
allow from 84.41.108.32/27
allow from 84.41.108.64/27
allow from 84.41.108.112/28
allow from 84.41.108.144/28
allow from 84.41.108.160/28
allow from 84.41.108.192/28
allow from 84.41.108.232/29
allow from 84.41.108.248/29
allow from 84.41.110.0/27
allow from 84.41.110.40/29
allow from 84.41.110.48/28
allow from 84.41.110.64/26
allow from 84.41.110.128/25
allow from 84.41.111.0/24
allow from 84.41.112.0/24
allow from 84.41.114.0/24
allow from 84.41.115.224/27
allow from 84.41.116.32/28
allow from 84.41.116.80/29
allow from 84.41.116.96/29
allow from 84.41.116.200/29
allow from 84.41.116.224/28
allow from 84.41.117.32/29
allow from 84.41.117.48/28
allow from 84.41.117.80/28
allow from 84.41.117.96/27
allow from 84.41.117.144/29
allow from 84.41.117.160/28
allow from 84.41.117.232/29
allow from 84.41.117.240/28
allow from 84.41.118.32/28
allow from 84.41.118.56/29
allow from 84.41.118.192/28
allow from 84.41.118.224/27
allow from 84.41.119.16/28
allow from 84.41.119.32/29
allow from 84.41.119.48/29
allow from 84.41.119.64/26
allow from 84.41.119.128/28
allow from 84.41.119.144/29
allow from 84.41.119.160/27
allow from 84.41.119.192/28
allow from 84.41.119.208/29
allow from 84.41.119.224/29
allow from 84.41.119.240/28
allow from 84.41.124.0/22
allow from 84.52.128.0/18
allow from 84.255.192.0/18
allow from 85.10.0.0/19
allow from 85.10.32.0/20
allow from 85.208.172.0/22
allow from 86.58.0.0/17
allow from 86.61.0.0/18
allow from 86.61.64.0/20
allow from 86.61.80.0/21
allow from 86.61.88.0/22
allow from 86.61.92.0/24
allow from 86.61.95.0/24
allow from 86.61.96.0/19
allow from 87.119.128.0/19
allow from 88.200.0.0/17
allow from 89.31.150.168/31
allow from 89.31.150.170/32
allow from 89.142.0.0/16
allow from 89.143.0.0/17
allow from 89.143.128.0/18
allow from 89.143.192.0/19
allow from 89.143.224.0/20
allow from 89.143.244.0/22
allow from 89.143.248.0/21
allow from 89.212.0.0/16
allow from 89.233.112.0/20
allow from 90.157.128.0/17
allow from 91.132.72.0/23
allow from 91.132.208.0/22
allow from 91.185.192.0/19
allow from 91.195.146.0/23
allow from 91.198.0.0/24
allow from 91.198.52.0/24
allow from 91.198.96.0/24
allow from 91.198.112.0/24
allow from 91.198.190.0/24
allow from 91.198.214.0/24
allow from 91.199.23.0/24
allow from 91.199.61.0/24
allow from 91.199.124.0/24
allow from 91.199.131.0/24
allow from 91.199.142.0/24
allow from 91.199.161.0/24
allow from 91.199.201.0/24
allow from 91.199.235.0/24
allow from 91.202.64.0/22
allow from 91.208.27.0/24
allow from 91.208.88.0/24
allow from 91.208.101.0/24
allow from 91.208.125.0/24
allow from 91.208.168.0/24
allow from 91.208.200.0/24
allow from 91.208.225.0/24
allow from 91.209.18.0/24
allow from 91.209.49.0/24
allow from 91.209.132.0/24
allow from 91.209.145.0/24
allow from 91.209.150.0/24
allow from 91.209.181.0/24
allow from 91.209.188.0/24
allow from 91.209.207.0/24
allow from 91.209.237.0/24
allow from 91.209.251.0/24
allow from 91.212.24.0/24
allow from 91.212.134.0/24
allow from 91.212.199.0/24
allow from 91.212.208.0/24
allow from 91.212.251.0/24
allow from 91.213.80.0/24
allow from 91.213.89.0/24
allow from 91.213.131.0/24
allow from 91.213.147.0/24
allow from 91.213.241.0/24
allow from 91.216.54.0/24
allow from 91.216.74.0/24
allow from 91.216.87.0/24
allow from 91.216.109.0/24
allow from 91.216.172.0/24
allow from 91.217.92.0/23
allow from 91.217.122.0/23
allow from 91.217.126.0/23
allow from 91.217.222.0/24
allow from 91.217.255.0/24
allow from 91.220.55.0/24
allow from 91.220.78.0/24
allow from 91.220.107.0/24
allow from 91.220.119.0/24
allow from 91.220.156.0/24
allow from 91.220.194.0/24
allow from 91.220.213.0/24
allow from 91.220.221.0/24
allow from 91.220.240.0/24
allow from 91.221.170.0/23
allow from 91.223.26.0/24
allow from 91.223.39.0/24
allow from 91.223.43.0/24
allow from 91.223.49.0/24
allow from 91.223.80.0/24
allow from 91.223.113.0/24
allow from 91.223.115.0/24
allow from 91.223.166.0/24
allow from 91.223.174.0/24
allow from 91.223.182.0/24
allow from 91.223.189.0/24
allow from 91.223.193.0/24
allow from 91.223.197.0/24
allow from 91.223.230.0/24
allow from 91.223.238.0/24
allow from 91.224.172.0/23
allow from 91.224.238.0/23
allow from 91.225.96.0/22
allow from 91.226.77.0/24
allow from 91.226.246.0/24
allow from 91.227.43.0/24
allow from 91.227.110.0/23
allow from 91.228.207.0/24
allow from 91.229.72.0/24
allow from 91.230.90.0/24
allow from 91.230.238.0/24
allow from 91.232.234.0/24
allow from 91.232.239.0/24
allow from 91.233.163.0/24
allow from 91.235.82.0/24
allow from 91.235.242.0/24
allow from 91.236.1.0/24
allow from 91.237.33.0/24
allow from 91.237.132.0/22
allow from 91.239.96.0/23
allow from 91.239.193.0/24
allow from 91.240.52.0/22
allow from 91.240.216.0/24
allow from 91.245.193.0/24
allow from 91.246.224.0/19
allow from 92.37.0.0/17
allow from 92.53.128.0/18
allow from 92.60.70.0/32
allow from 92.60.70.2/32
allow from 92.60.70.4/32
allow from 92.60.70.6/31
allow from 92.60.70.8/29
allow from 92.60.70.16/29
allow from 92.60.70.24/32
allow from 92.60.70.26/32
allow from 92.60.70.28/30
allow from 92.60.70.32/28
allow from 92.60.70.48/31
allow from 92.60.70.54/31
allow from 92.60.70.56/29
allow from 92.60.70.64/29
allow from 92.60.70.72/31
allow from 92.60.70.76/30
allow from 92.60.70.80/28
allow from 92.60.70.96/27
allow from 92.60.70.128/25
allow from 92.60.72.0/22
allow from 92.60.79.0/24
allow from 92.63.16.0/20
allow from 92.119.72.0/22
allow from 92.244.64.0/19
allow from 92.249.28.0/24
allow from 93.103.0.0/16
allow from 94.103.64.0/20
allow from 94.103.244.0/22
allow from 94.127.24.0/21
allow from 94.140.64.0/19
allow from 95.87.128.0/18
allow from 95.143.85.120/29
allow from 95.143.144.0/20
allow from 95.159.192.0/18
allow from 95.176.128.0/17
allow from 109.123.0.0/18
allow from 109.127.192.0/18
allow from 109.182.0.0/16
allow from 109.202.120.0/21
allow from 109.239.176.0/20
allow from 113.29.79.0/32
allow from 128.90.175.0/24
allow from 130.117.1.106/32
allow from 130.117.2.82/32
allow from 130.117.48.73/32
allow from 130.117.48.82/32
allow from 130.117.51.65/32
allow from 130.117.51.66/32
allow from 130.244.33.85/32
allow from 130.244.61.25/32
allow from 139.92.33.1/32
allow from 139.92.116.1/32
allow from 141.29.0.0/17
allow from 141.29.128.0/19
allow from 141.29.160.0/22
allow from 141.29.165.0/24
allow from 141.29.166.0/23
allow from 141.29.168.0/21
allow from 141.29.176.0/20
allow from 141.29.192.0/19
allow from 141.29.224.0/21
allow from 141.29.232.0/22
allow from 141.29.237.0/24
allow from 141.29.238.0/23
allow from 141.29.240.0/20
allow from 141.255.192.0/18
allow from 145.14.4.0/22
allow from 145.14.8.0/21
allow from 145.14.48.0/21
allow from 146.212.0.0/16
allow from 146.247.24.0/21
allow from 147.78.216.0/22
allow from 149.5.192.1/32
allow from 149.5.192.32/29
allow from 149.6.52.0/30
allow from 149.6.52.8/29
allow from 149.6.52.17/32
allow from 149.6.52.21/32
allow from 149.6.52.24/30
allow from 149.6.52.29/32
allow from 149.6.52.33/32
allow from 149.6.52.37/32
allow from 149.6.52.40/29
allow from 149.6.52.49/32
allow from 149.6.52.53/32
allow from 149.6.52.61/32
allow from 149.6.52.64/27
allow from 149.6.52.96/28
allow from 149.6.52.112/29
allow from 149.11.116.5/32
allow from 149.11.154.1/32
allow from 149.62.64.0/18
allow from 149.126.128.0/19
allow from 152.89.232.0/22
allow from 153.5.0.0/16
allow from 154.25.3.9/32
allow from 154.25.3.10/32
allow from 154.25.3.37/32
allow from 154.25.3.38/32
allow from 154.25.3.45/32
allow from 154.25.3.46/32
allow from 154.25.3.85/32
allow from 154.25.3.86/32
allow from 154.25.3.89/32
allow from 154.25.3.90/32
allow from 154.25.3.101/32
allow from 154.25.3.102/32
allow from 154.25.3.105/32
allow from 154.25.3.106/32
allow from 154.25.4.77/32
allow from 154.25.4.78/32
allow from 154.25.5.33/32
allow from 154.25.5.34/32
allow from 154.25.5.37/32
allow from 154.25.5.38/32
allow from 154.26.32.69/32
allow from 154.26.32.72/31
allow from 154.26.32.74/32
allow from 154.26.32.78/32
allow from 154.26.32.115/32
allow from 154.26.48.69/32
allow from 154.26.48.72/31
allow from 154.26.48.74/32
allow from 154.26.48.78/32
allow from 154.26.48.115/32
allow from 154.54.21.68/32
allow from 154.54.21.247/32
allow from 154.54.33.17/32
allow from 154.54.48.85/32
allow from 154.54.48.229/32
allow from 154.54.62.241/32
allow from 154.54.62.242/32
allow from 157.167.74.0/24
allow from 162.254.84.160/27
allow from 163.159.0.0/16
allow from 164.8.0.0/16
allow from 176.52.128.0/19
allow from 176.57.92.0/22
allow from 176.76.0.0/16
allow from 176.105.240.0/22
allow from 178.58.0.0/16
allow from 178.79.64.0/18
allow from 178.172.0.0/17
allow from 178.216.56.0/21
allow from 185.13.52.0/22
allow from 185.24.36.0/22
allow from 185.28.8.0/22
allow from 185.29.16.0/22
allow from 185.30.136.0/22
allow from 185.33.48.0/22
allow from 185.41.176.0/22
allow from 185.45.42.16/28
allow from 185.49.0.0/22
allow from 185.49.116.0/22
allow from 185.53.12.0/22
allow from 185.54.128.0/23
allow from 185.54.131.0/24
allow from 185.56.222.0/24
allow from 185.57.16.0/22
allow from 185.57.144.0/22
allow from 185.57.224.0/23
allow from 185.57.226.0/25
allow from 185.57.226.128/29
allow from 185.57.226.137/32
allow from 185.57.226.138/31
allow from 185.57.226.140/30
allow from 185.57.226.144/28
allow from 185.57.226.160/27
allow from 185.57.226.192/26
allow from 185.57.227.0/24
allow from 185.58.180.0/22
allow from 185.59.24.0/22
allow from 185.60.116.0/22
allow from 185.66.148.0/22
allow from 185.69.148.0/22
allow from 185.71.172.0/22
allow from 185.72.28.0/22
allow from 185.72.60.0/22
allow from 185.72.104.0/22
allow from 185.73.4.0/22
allow from 185.74.90.0/24
allow from 185.78.240.0/22
allow from 185.79.228.0/22
allow from 185.81.28.0/22
allow from 185.84.100.0/22
allow from 185.85.148.0/22
allow from 185.92.176.0/22
allow from 185.92.228.0/24
allow from 185.92.230.0/23
allow from 185.92.232.0/22
allow from 185.93.104.0/22
allow from 185.97.52.0/22
allow from 185.97.68.0/22
allow from 185.99.24.224/30
allow from 185.99.26.224/30
allow from 185.114.144.0/22
allow from 185.128.248.0/24
allow from 185.128.250.0/23
allow from 185.133.184.0/22
allow from 185.146.253.0/24
allow from 185.146.254.0/23
allow from 185.148.72.0/22
allow from 185.153.24.0/22
allow from 185.153.169.4/32
allow from 185.153.169.10/32
allow from 185.173.52.0/22
allow from 185.175.0.0/22
allow from 185.178.224.0/22
allow from 185.179.48.0/22
allow from 185.179.216.0/22
allow from 185.185.88.0/22
allow from 185.187.8.0/22
allow from 185.190.83.0/24
allow from 185.194.185.112/28
allow from 185.195.156.0/22
allow from 185.205.116.0/22
allow from 185.206.184.0/22
allow from 185.221.56.0/22
allow from 185.236.192.0/22
allow from 188.64.24.0/21
allow from 188.64.104.0/21
allow from 188.119.104.0/22
allow from 188.196.0.0/14
allow from 188.230.128.0/17
allow from 192.84.90.0/24
allow from 192.84.95.0/24
allow from 192.84.97.0/24
allow from 192.84.99.0/24
allow from 192.84.101.0/24
allow from 192.84.102.0/23
allow from 192.84.104.0/24
allow from 192.84.107.0/24
allow from 192.84.109.0/24
allow from 192.160.15.0/24
allow from 193.0.244.0/24
allow from 193.2.0.0/16
allow from 193.9.12.0/24
allow from 193.9.19.0/24
allow from 193.9.21.0/24
allow from 193.9.52.0/22
allow from 193.16.109.0/24
allow from 193.16.152.0/24
allow from 193.17.1.0/24
allow from 193.17.227.0/24
allow from 193.23.49.0/24
allow from 193.23.62.0/24
allow from 193.23.137.0/24
allow from 193.24.248.0/24
allow from 193.26.26.0/24
allow from 193.26.220.0/24
allow from 193.28.14.0/24
allow from 193.28.43.0/24
allow from 193.28.51.0/24
allow from 193.28.54.0/24
allow from 193.28.146.0/24
allow from 193.35.111.0/24
allow from 193.36.40.0/24
allow from 193.41.35.0/24
allow from 193.41.36.0/24
allow from 193.41.89.0/24
allow from 193.46.71.0/24
allow from 193.46.75.0/24
allow from 193.47.136.0/24
allow from 193.77.0.0/16
allow from 193.95.192.0/18
allow from 193.104.10.0/24
allow from 193.104.23.0/24
allow from 193.104.134.0/24
allow from 193.104.236.0/24
allow from 193.104.240.0/24
allow from 193.105.22.0/24
allow from 193.105.67.0/24
allow from 193.105.115.0/24
allow from 193.105.127.0/24
allow from 193.109.124.0/24
allow from 193.109.227.0/24
allow from 193.110.14.0/23
allow from 193.110.145.0/24
allow from 193.111.192.0/23
allow from 193.111.220.0/22
allow from 193.138.1.0/24
allow from 193.138.2.0/23
allow from 193.138.9.0/24
allow from 193.138.32.0/19
allow from 193.142.116.0/24
allow from 193.142.149.0/24
allow from 193.164.137.0/24
allow from 193.164.138.0/23
allow from 193.164.140.0/23
allow from 193.169.48.0/23
allow from 193.178.188.0/24
allow from 193.189.137.0/24
allow from 193.189.160.0/20
allow from 193.189.176.0/22
allow from 193.189.180.0/25
allow from 193.189.180.128/26
allow from 193.189.180.192/27
allow from 193.189.180.224/28
allow from 193.189.180.240/29
allow from 193.189.181.0/24
allow from 193.189.182.0/23
allow from 193.189.184.0/21
allow from 193.194.120.0/23
allow from 193.200.207.0/24
allow from 193.201.45.0/24
allow from 193.201.101.0/24
allow from 193.201.109.0/24
allow from 193.201.165.0/24
allow from 193.201.212.0/22
allow from 193.218.94.0/24
allow from 193.219.100.0/24
allow from 193.219.106.0/24
allow from 193.221.112.0/24
allow from 193.221.115.0/24
allow from 193.228.151.0/24
allow from 193.242.154.0/24
allow from 193.243.140.0/23
allow from 194.0.174.0/23
allow from 194.0.191.0/24
allow from 194.6.237.0/24
allow from 194.6.242.0/24
allow from 194.8.94.0/23
allow from 194.9.29.0/24
allow from 194.10.5.168/29
allow from 194.28.108.0/22
allow from 194.29.83.0/24
allow from 194.33.12.0/24
allow from 194.35.84.0/22
allow from 194.39.85.0/24
allow from 194.40.211.0/24
allow from 194.50.136.0/23
allow from 194.50.138.0/24
allow from 194.50.166.0/24
allow from 194.56.75.0/24
allow from 194.59.182.0/24
allow from 194.59.185.0/24
allow from 194.60.74.0/24
allow from 194.110.199.0/24
allow from 194.110.222.0/24
allow from 194.116.204.0/23
allow from 194.117.124.250/32
allow from 194.117.125.13/32
allow from 194.117.126.191/32
allow from 194.126.197.0/24
allow from 194.152.0.0/19
allow from 194.156.156.0/24
allow from 194.165.96.0/19
allow from 194.176.112.0/24
allow from 194.242.36.0/24
allow from 194.247.162.0/23
allow from 194.249.0.0/16
allow from 195.5.164.0/23
allow from 195.20.142.0/24
allow from 195.35.122.0/24
allow from 195.43.131.0/24
allow from 195.43.133.0/24
allow from 195.47.197.0/24
allow from 195.47.211.0/24
allow from 195.47.213.0/24
allow from 195.47.224.0/24
allow from 195.47.226.0/24
allow from 195.47.228.0/24
allow from 195.47.243.0/24
allow from 195.66.69.0/24
allow from 195.66.107.0/24
allow from 195.69.96.0/22
allow from 195.72.118.0/23
allow from 195.75.215.0/24
allow from 195.75.238.0/26
allow from 195.78.83.0/24
allow from 195.79.24.192/28
allow from 195.80.150.0/24
allow from 195.80.225.0/24
allow from 195.85.192.0/24
allow from 195.88.82.0/23
allow from 195.95.158.0/24
allow from 195.95.161.0/24
allow from 195.95.173.0/24
allow from 195.95.200.0/23
allow from 195.95.204.0/23
allow from 195.112.178.66/32
allow from 195.112.179.67/32
allow from 195.118.206.0/24
allow from 195.128.128.0/24
allow from 195.128.141.0/24
allow from 195.130.194.0/24
allow from 195.138.196.0/24
allow from 195.138.201.0/24
allow from 195.144.26.0/24
allow from 195.149.94.0/24
allow from 195.166.120.144/29
allow from 195.166.120.176/29
allow from 195.170.177.0/24
allow from 195.178.118.0/23
allow from 195.182.61.0/24
allow from 195.190.129.0/24
allow from 195.190.158.0/24
allow from 195.191.96.0/24
allow from 195.200.200.0/24
allow from 195.206.228.0/23
allow from 195.210.192.0/18
allow from 195.216.253.0/24
allow from 195.225.50.0/24
allow from 195.230.121.0/24
allow from 195.234.137.0/24
allow from 195.234.169.0/24
allow from 195.234.179.0/24
allow from 195.234.181.0/24
allow from 195.234.189.0/24
allow from 195.245.72.0/23
allow from 195.245.88.0/23
allow from 195.245.106.0/23
allow from 195.245.208.0/24
allow from 195.245.216.0/24
allow from 195.245.250.0/24
allow from 195.246.0.0/19
allow from 195.248.68.0/24
allow from 195.250.58.0/24
allow from 195.250.192.0/19
allow from 202.163.1.64/29
allow from 209.16.140.0/22
allow from 209.206.23.0/24
allow from 212.13.224.0/20
allow from 212.13.240.0/21
allow from 212.13.248.0/27
allow from 212.13.248.40/29
allow from 212.13.248.48/28
allow from 212.13.248.64/26
allow from 212.13.248.128/25
allow from 212.13.249.0/24
allow from 212.13.250.0/23
allow from 212.13.252.0/22
allow from 212.18.32.0/19
allow from 212.30.64.0/19
allow from 212.44.96.0/19
allow from 212.48.121.0/24
allow from 212.48.127.192/26
allow from 212.53.153.0/24
allow from 212.53.167.0/24
allow from 212.63.175.187/32
allow from 212.72.96.0/19
allow from 212.72.189.0/24
allow from 212.85.160.0/19
allow from 212.93.224.0/19
allow from 212.101.128.0/18
allow from 212.102.152.0/22
allow from 212.103.128.0/22
allow from 212.103.132.0/23
allow from 212.103.134.0/24
allow from 212.103.135.0/25
allow from 212.103.135.128/27
allow from 212.103.135.160/29
allow from 212.103.135.176/28
allow from 212.103.135.192/26
allow from 212.103.136.0/21
allow from 212.103.144.0/21
allow from 212.103.152.0/24
allow from 212.103.153.16/28
allow from 212.103.153.32/27
allow from 212.103.153.64/26
allow from 212.103.153.128/25
allow from 212.103.154.0/23
allow from 212.103.156.0/22
allow from 212.115.96.240/29
allow from 212.118.64.0/19
allow from 212.151.133.5/32
allow from 212.151.133.7/32
allow from 212.151.133.9/32
allow from 212.151.133.11/32
allow from 212.151.133.13/32
allow from 212.151.133.15/32
allow from 212.151.133.17/32
allow from 212.151.133.19/32
allow from 212.151.133.21/32
allow from 212.151.133.23/32
allow from 212.151.182.49/32
allow from 212.151.182.50/32
allow from 212.151.188.101/32
allow from 212.151.188.102/31
allow from 212.151.188.104/32
allow from 212.235.128.0/17
allow from 213.5.112.0/21
allow from 213.39.79.0/24
allow from 213.142.224.0/20
allow from 213.142.240.0/21
allow from 213.143.64.0/19
allow from 213.157.224.0/19
allow from 213.161.0.0/19
allow from 213.172.224.0/19
allow from 213.206.136.216/32
allow from 213.229.192.0/18
allow from 213.250.0.0/20
allow from 213.250.16.0/21
allow from 213.250.24.0/24
allow from 213.250.25.0/25
allow from 213.250.25.128/26
allow from 213.250.25.192/27
allow from 213.250.25.224/28
allow from 213.250.26.0/23
allow from 213.250.28.0/22
allow from 213.250.32.0/19
allow from 213.253.64.0/19
allow from 213.253.96.0/21
allow from 213.253.104.0/22
allow from 213.253.108.0/24
allow from 213.253.110.24/29
allow from 213.253.110.32/28
allow from 213.253.110.56/29
allow from 213.253.110.64/27
allow from 213.253.112.152/29
allow from 213.253.113.56/29
allow from 213.253.113.128/28
allow from 213.253.114.192/27
allow from 213.253.114.224/28
allow from 213.253.116.32/29
allow from 213.253.117.160/29
allow from 213.253.120.0/28
allow from 213.253.120.16/29
allow from 213.253.120.32/27
allow from 213.253.120.104/29
allow from 213.253.120.168/29
allow from 213.253.120.176/29
allow from 213.253.124.0/22
allow from 217.61.252.0/24
allow from 217.72.64.0/19
allow from 217.77.241.224/32
deny from all
</Limit>
ErrorDocument 403 https://oglasi.hopto.org/403.html
ErrorDocument 401 https://oglasi.hopto.org/401.html
ErrorDocument 402 https://oglasi.hopto.org/402.html
ErrorDocument 404 https://oglasi.hopto.org/404.html
ErrorDocument 500 https://oglasi.hopto.org/500.html
NAREDITE SI PO SVOJE VAŠE STRANI NAPAK 403….. ITD NI NUJNO DA JE ENAKA STRAN, PRIMER LAHKO 401.html – 402.html – 403.html – itd…
Shranite zgornje direktive v .htaccess datoteko in jo prenesite npr. /htdocs/vašamapaaliapp/ – lahko več map, kopirajte ta .htaccess in ste rešili problem – Pozor iz TUJINE TUDI VI NE BOSTE MOGLI DOSTOPAT DO TEH MAP – ZA DOSTOP IZ TUJINE V TAKIH PRIMERIH UPORABITE VAŠ PROXY ALI PA KATERIKOLI DRUGI VPN-PROXY STREŽNIK IZ SLOVENIJE – NI NUJNO DA JE VAŠ VAŽNO DA IMATE PRISTOPNE PODATKE!
Primer Fail2Ban iptables izpis blokad – vedno preverite s spodnjo komando:
sudo iptables -L -n --line
fail2ban BANIRANI oz. PREPOVADNI BLOKIRANI IP – Povavadi večina VPN-Proxy strežniki komercialni ali tudi privat – nišče vam ne bo udiral iz lastnega morežja 110%!!! izpis sudo iptables -L -n –line
Chain f2b-recidive (1 references)
num target prot opt source destination
1 REJECT all -- 178.128.104.221 0.0.0.0/0 reject-with icmp-port-unreachable
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-apache-myadmin (1 references)
num target prot opt source destination
1 REJECT all -- 85.208.96.17 0.0.0.0/0 reject-with icmp-port-unreachable
2 REJECT all -- 85.208.96.16 0.0.0.0/0 reject-with icmp-port-unreachable
3 REJECT all -- 85.208.96.15 0.0.0.0/0 reject-with icmp-port-unreachable
4 REJECT all -- 85.208.96.14 0.0.0.0/0 reject-with icmp-port-unreachable
5 REJECT all -- 54.36.149.57 0.0.0.0/0 reject-with icmp-port-unreachable
6 REJECT all -- 54.36.149.46 0.0.0.0/0 reject-with icmp-port-unreachable
7 REJECT all -- 54.36.148.85 0.0.0.0/0 reject-with icmp-port-unreachable
8 REJECT all -- 54.36.148.43 0.0.0.0/0 reject-with icmp-port-unreachable
9 REJECT all -- 5.101.0.209 0.0.0.0/0 reject-with icmp-port-unreachable
10 REJECT all -- 221.199.14.245 0.0.0.0/0 reject-with icmp-port-unreachable
11 REJECT all -- 198.16.76.28 0.0.0.0/0 reject-with icmp-port-unreachable
12 REJECT all -- 198.16.74.43 0.0.0.0/0 reject-with icmp-port-unreachable
13 REJECT all -- 198.16.70.53 0.0.0.0/0 reject-with icmp-port-unreachable
14 REJECT all -- 178.128.126.39 0.0.0.0/0 reject-with icmp-port-unreachable
15 REJECT all -- 178.128.126.0 0.0.0.0/0 reject-with icmp-port-unreachable
16 REJECT all -- 104.131.188.187 0.0.0.0/0 reject-with icmp-port-unreachable
17 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-http-dos (1 references)
num target prot opt source destination
1 REJECT all -- 178.62.89.121 0.0.0.0/0 reject-with icmp-port-unreachable
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-wp-nfw (1 references)
num target prot opt source destination
1 REJECT all -- 13.82.55.159 0.0.0.0/0 reject-with icmp-port-unreachable
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-wordpress (1 references)
num target prot opt source destination
1 REJECT all -- 178.128.82.122 0.0.0.0/0 reject-with icmp-port-unreachable
2 REJECT all -- 178.128.117.77 0.0.0.0/0 reject-with icmp-port-unreachable
3 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-enigma (1 references)
num target prot opt source destination
1 REJECT all -- 178.62.106.169 0.0.0.0/0 reject-with icmp-port-unreachable
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-napaka (1 references)
num target prot opt source destination
1 REJECT all -- 93.174.95.106 0.0.0.0/0 reject-with icmp-port-unreachable
2 REJECT all -- 66.249.75.8 0.0.0.0/0 reject-with icmp-port-unreachable
3 REJECT all -- 66.249.75.6 0.0.0.0/0 reject-with icmp-port-unreachable
4 REJECT all -- 66.240.236.119 0.0.0.0/0 reject-with icmp-port-unreachable
5 REJECT all -- 46.101.89.227 0.0.0.0/0 reject-with icmp-port-unreachable
6 REJECT all -- 217.182.230.15 0.0.0.0/0 reject-with icmp-port-unreachable
7 REJECT all -- 198.16.66.157 0.0.0.0/0 reject-with icmp-port-unreachable
8 REJECT all -- 178.62.93.49 0.0.0.0/0 reject-with icmp-port-unreachable
9 REJECT all -- 178.128.104.221 0.0.0.0/0 reject-with icmp-port-unreachable
10 REJECT all -- 177.135.85.114 0.0.0.0/0 reject-with icmp-port-unreachable
11 REJECT all -- 162.243.246.160 0.0.0.0/0 reject-with icmp-port-unreachable
12 REJECT all -- 152.67.42.40 0.0.0.0/0 reject-with icmp-port-unreachable
13 REJECT all -- 150.136.214.147 0.0.0.0/0 reject-with icmp-port-unreachable
14 REJECT all -- 150.136.154.228 0.0.0.0/0 reject-with icmp-port-unreachable
15 REJECT all -- 141.145.116.229 0.0.0.0/0 reject-with icmp-port-unreachable
16 REJECT all -- 132.145.101.248 0.0.0.0/0 reject-with icmp-port-unreachable
17 RETURN all -- 0.0.0.0/0 0.0.0.0/0
Zapomnite si Recidive vam bo v vsakem primeru ponavljajoče se BANe IPjev blokiral za dlje časa v tem primeru 1 teden, vi si sami skonfigurirajte vaš fail2ban po želji – to je samo primer – eden izmen načinov zaščite – vaših aplikacij na netu.
Za WP ali ostale cms in webapps je najboljša varianta, da si zaščitite vse preko F2B požarnega zida. Primer NinjaFirewall Pro ali WP Edition:
Filter Fail2Ban za dogodke sistemskega dnevnika NinjaFirewall WP+ Edition
PREGLED
NinjaFirewall (WP + Edition) plugin je zelo hiter, zanesljiv Web Application Firewall za WordPress. Fail2Ban je demon, ki enkrat na sekundo pregleda datoteke dnevnika strežnika. Če najde dokaze o napadu na strežnik, lahko prepove naslov IP, s katerega napad prihaja. Ta članek opisuje, kako dodati filter datoteke syslog v Fail2Ban, ki zazna kritične, visoke in srednje varnostne dogodke, ki jih v syslog zapiše NinjaFirewall, tako da lahko prepove napadalčev IP naslov.
Najprej kupite, namestite in konfigurirajte vtičnik NinjaFirewall WP+ Edition na svojem spletnem mestu WordPress. Nato pojdite naNinjaFirewall+ | Dnevnik požarnega zidustrani z nastavitvami in se prepričajte, da je zapisovanje požarnega zidu omogočeno. Označite kljukicoDogodke zapišite tudi na strežnik Syslogmožnost in shranite te nastavitve. NinjaFirewall+ bo zdaj shranil dogodke požarnega zidu v datoteko syslog vašega strežnika.
Zdaj se prijavite v svoj spletni strežnik (ob predpostavki, da imate Fail2Ban že nameščen in deluje) in ustvarite novo datoteko recepta z naslednjim ukazom …
Obdrži maxretrynizka vrednost preglasitve; 2 je dobro, 1 je prenizko. Napadi so pogosto porazdeljeni, pri čemer je vsak naslov IP uporabljen samo enkrat. To bo ustvarilo veliko nepotrebnih prepovedi IP. Težji napadi ali manjši bot-neti bodo ponovno uporabili naslove IP, zato bo nastavitev 2 blokirala te napadalce.
Končno znova zaženite storitev …
sudo service fail2ban restart
TESTIRANJE
Če želite preizkusiti nov filter, zaženite ta ukaz …
Če so v datoteki syslog vnosi iz NinjaFirewall, vam bo fail2ban-regex prikazal število zadetkov.
Če obstajajo kateri koli naslovi IP, ki so trenutno prepovedani, jih lahko vidite tako, da zaženete ta ukaz …
sudo iptables -L
PREVIDNOSTNI UKREPI ZA STORITVE PREDPOMNILNIKA IN PROXY
Ko se do vašega spletnega strežnika dostopa prek storitve predpomnjenja ali proxy, kot je CloudFlare, bo povezovalni naslov IP v napadu IP naslov proxy strežnika. Prepoved povezovalnega naslova IP lahko povzroči, da vaše spletno mesto postane nedostopno za del ali celoten internet. Preprosta prepoved pravega naslova IP odjemalca tudi ne bo pomagala, saj se ta naslov IP najverjetneje nikoli ne bi povezal neposredno z vašim spletnim mestom. V tem primeru morda sploh ne boste želeli uporabljati tega filtra Fail2Ban.
Če se fail2ban ne bo znova zagnal, ko ste uredili konfiguracijske datoteke, ga lahko poskusite ročno zagnati z omogočenim podrobnim sporočanjem, da ugotovite, kje ne uspe, ko se zažene.
fail2ban-client -vvv -x start
Ko popravite vse napake v konfiguracijskih datotekah, jo znova zaženite kot storitev.