CrawlTrack, webmaster dashboard.
Web analytic, SEO and protection

CrawlProtect, your website safety.
Reinforced protection

Two php/MySQL scripts, free and easy to install
The tools you need to manage and keep control of your site.


CrawlTrack and CrawlProtect support forum

You are not logged in.

#1 15-02-2008 22:06:28

Registered: 30-10-2005
Posts: 2980

CrawlTrack and Fail2ban

For whose who use Fail2ban on there server, you will find here explanation to link the CrawlTrack hacking attempts detection and the Fail2ban IP rejection.

1°)In the file /etc/fail2ban/jail.conf add:



enabled  = true
filter   = apache-crawltrack
action   = iptables[name=crawltrack, port=http, protocol=tcp]
logpath  = /home/log/httpd/access_log
maxretry = 0
bantime  = 1200

note: put your own Apache log address instead of  /home/log/httpd/access_log
With these parameters, the attacker will be block for 20 minutes after the first attack (if you want to test it, you will have to be patient to retrieve access to your site...)

2°) in the folder /etc/fail2ban/filter.d/create an apache-crawltrack.conf file with the following content:


# Fail2Ban configuration file
#This file is to be used with Crawltrack to be able to ban IP which has been detected as hacking attempts
# Author: Jean-Denis Brun

# Option:  failregex
# Notes.:  regex to match the access to CrawlTrack noaccess page in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
failregex =^<HOST> -.*"GET.*noacces.*"
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
ignoreregex =

3) Restart Fail2ban

Each attacker detected by CrawlTrack will be ban during 20 minutes by your Firewall.

CrawlTrack & CrawlProtect developer



Board footer

Powered by PunBB
© Copyright 2002–2008 PunBB