That's great - Thanks Alex. Will try this.

On 25/07/2020 14:32, Alex Schroeder wrote:
> (Resending because it seems that my mail disappeared somewhere.)
>
> 2200 hits in the last few days...
>
> I'm going to set up a fail2ban rule. Adapt the datepattern to your
> logfiles. Basically any successful connection counts as "a failed login
> attempt". Of these, you may have 20 in a 40s time window, which is what
> I think is a reasonable upper limit for humans and bots. If you're
> crawling the site faster than that, you get banned for 10min by the
> firewall.
>
>
> /etc/fail2ban/jail.d/alex.conf:
>
> [alex-gemini]
> enabled = true
> port = 1965
> logpath = /home/alex/farm/gemini-wiki.log
> findtime = 40
> maxretry = 20
>
>
> /etc/fail2ban/filter.d/alex-gemini.conf:
>
> [Init]
> # 2018/08/25-09:08:55 CONNECT TCP Peer: "[000.000.000.000]:56281" Local: "[000.000.000.000]:70"
> datepattern = ^%%Y/%%m/%%d-%%H:%%M:%%S
>
> [Definition]
> # ANY match in the logfile counts!
> failregex = CONNECT TCP Peer: "\[<HOST>\]:\d+"
>
>
> I also activated the recidive rule in fail2ban. This means that people
> who get banned by fail2ban repeatedly get banned for even longer times
> (hours instead of minutes). This is in the first file again:
>
>
> /etc/fail2ban/jail.d/alex.conf:
>
> [recidive]
> enabled = true
>
>
> I use this system for my websites, my gopher sites, and now for gemini,
> too.
>
> Cheers
> Alex
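
Added example, not part of the original mails and not fail2ban's own code: a simplified Python model of how the quoted jail (findtime = 40, maxretry = 20) counts matches of the quoted failregex, run over a constructed log so the thresholds can be checked before deploying the rule. The IPv4-only stand-in for <HOST>, the function names and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the quoted jail and filter. <HOST> is replaced by a plain IPv4
# group (assumption: fail2ban's real <HOST> also covers IPv6 and hostnames).
FINDTIME, MAXRETRY = 40, 20
DATEFMT = "%Y/%m/%d-%H:%M:%S"  # the datepattern with the INI "%%" escaping undone
FAILREGEX = re.compile(r'CONNECT TCP Peer: "\[(?P<host>\d{1,3}(?:\.\d{1,3}){3})\]:\d+"')

def parse(line):
    """Return (timestamp, host) for a line the filter would count, else None."""
    m = FAILREGEX.search(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(line[:19], DATEFMT)
    except ValueError:
        return None  # no timestamp at the start of the line: not counted
    return ts, m.group("host")

def first_bans(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Map host -> time of the hit that reaches maxretry matches within findtime."""
    recent, banned = defaultdict(deque), {}
    for line in lines:
        hit = parse(line)
        if hit is None or hit[1] in banned:
            continue
        ts, host = hit
        window = recent[host]
        window.append(ts)
        while ts - window[0] >= timedelta(seconds=findtime):
            window.popleft()  # forget hits older than findtime
        if len(window) >= maxretry:
            banned[host] = ts
    return banned

def sample_log():
    """Constructed log: a crawler at 1 hit/s and a reader at 1 hit per 10 s."""
    start = datetime(2020, 7, 25, 14, 0, 0)
    fmt = '{} CONNECT TCP Peer: "[{}]:{}" Local: "[192.0.2.1]:1965"'
    rows = [(start + timedelta(seconds=s), "198.51.100.7", 40000 + s) for s in range(30)]
    rows += [(start + timedelta(seconds=10 * s), "203.0.113.9", 50000 + s) for s in range(30)]
    rows.sort()
    return [fmt.format(t.strftime(DATEFMT), ip, port) for t, ip, port in rows]

if __name__ == "__main__":
    for host, when in first_bans(sample_log()).items():
        print(host, "would be banned at", when)
```

On a live system, fail2ban-regex run against the real logfile and filter file remains the authoritative check of the datepattern and failregex.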