2200 hits in the last few days... I'm going to set up a fail2ban rule.

Adapt the datepattern to your logfiles.

Basically any successful connection counts as "a failed login attempt". Of these, you may have 20 in a 40s time window, which is what I think is a reasonable upper limit for humans and bots. If you're crawling the site faster than that, you get banned for 10min by the firewall.

/etc/fail2ban/jail.d/alex.conf:

[alex-gemini]
enabled = true
port = 1965
logpath = /home/alex/farm/gemini-wiki.log
findtime = 40
maxretry = 20

/etc/fail2ban/filter.d/alex-gemini.conf:

[Init]
# 2018/08/25-09:08:55 CONNECT TCP Peer: "[000.000.000.000]:56281" Local: "[000.000.000.000]:70"
datepattern = ^%%Y/%%m/%%d-%%H:%%M:%%S

[Definition]
# ANY match in the logfile counts!
failregex = CONNECT TCP Peer: "\[<HOST>\]:\d+"

I also activated the recidive rule in fail2ban. This means that people who get banned by fail2ban repeatedly get banned for even longer times (hours instead of minutes). This is in the first file again:

/etc/fail2ban/jail.d/alex.conf:

[recidive]
enabled = true

I use this system for my websites, my gopher sites, and now for gemini, too. The attached image shows what this looks like over time, using Munin. As you can see, almost all the bans are due to the websites.

Cheers
Alex

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Image-X1D7N0.png
Type: image/png
Size: 36409 bytes
Desc: not available
URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20200725/b32ea25d/attachment-0001.png>
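An added example, not part of the message above and not fail2ban's own code: a dry run of the rule in Python, replaying constructed log lines against the same line format, findtime and maxretry to see which peers would be banned. Assumptions: a simplified stand-in for the `<HOST>` tag, a ban once a peer has maxretry matches inside findtime, a 600 s ban to match the 10 min stated in the message, and made-up documentation-range addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FINDTIME = 40   # seconds, as in the jail above
MAXRETRY = 20   # matches allowed per window, as in the jail above
BANTIME = 600   # seconds; assumed from the 10 min the message states

# Simplified stand-in for fail2ban's <HOST> tag (assumption): an IP literal.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d-\d\d:\d\d:\d\d) '
    r'CONNECT TCP Peer: "\[(?P<host>[0-9A-Fa-f:.]+)\]:\d+"')

def simulate(lines):
    """Return [(ban_time, host)] for the sliding-window rule in the message."""
    hits = defaultdict(deque)   # host -> match timestamps still in the window
    banned_until = {}
    bans = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue            # not a CONNECT line: does not count
        ts = datetime.strptime(m["ts"], "%Y/%m/%d-%H:%M:%S")
        host = m["host"]
        if banned_until.get(host, datetime.min) > ts:
            continue            # the firewall would already be dropping this peer
        window = hits[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()    # forget matches older than findtime
        if len(window) >= MAXRETRY:
            bans.append((ts, host))
            banned_until[host] = ts + timedelta(seconds=BANTIME)
            window.clear()
    return bans

def sample_log():
    """Constructed log lines (documentation addresses), not real traffic."""
    t0 = datetime(2020, 7, 25, 10, 0, 0)
    fmt = '{:%Y/%m/%d-%H:%M:%S} CONNECT TCP Peer: "[{}]:{}" Local: "[192.0.2.1]:1965"'
    # Crawler: one connection per second. Reader: one every five seconds.
    crawler = [fmt.format(t0 + timedelta(seconds=i), "203.0.113.7", 40000 + i)
               for i in range(30)]
    reader = [fmt.format(t0 + timedelta(seconds=5 * i), "198.51.100.4", 50000 + i)
              for i in range(20)]
    return sorted(crawler + reader)

if __name__ == "__main__":
    for when, host in simulate(sample_log()):
        print(f"{when:%Y/%m/%d-%H:%M:%S} ban {host}")
```

Replaying a real log this way before enabling the jail shows whether the 20-in-40s threshold would catch ordinary readers as well as crawlers.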