mojibake mojibake at riseup.net
Sat Jul 25 17:06:42 BST 2020
- - - - - - - - - - - - - - - - - - -
That's great - Thanks Alex. Will try this.

On 25/07/2020 14:32, Alex Schroeder wrote:

(Resending because it seems that my mail disappeared somewhere.)

2200 hits in the last few days...

I'm going to set up a fail2ban rule. Adapt the datepattern to your
logfiles. Basically any successful connection counts as "a failed login
attempt". Of these, you may have 20 in a 40s time window, which is what
I think is a reasonable upper limit for humans and bots. If you're
crawling the site faster than that, you get banned for 10min by the
firewall.

/etc/fail2ban/jail.d/alex.conf:

[alex-gemini]
enabled = true
port = 1965
logpath = /home/alex/farm/gemini-wiki.log
findtime = 40
maxretry = 20

/etc/fail2ban/filter.d/alex-gemini.conf:

[Init]
# 2018/08/25-09:08:55 CONNECT TCP Peer: "[000.000.000.000]:56281" Local: "[000.000.000.000]:70"
datepattern = ^%%Y/%%m/%%d-%%H:%%M:%%S

[Definition]
# ANY match in the logfile counts!
failregex = CONNECT TCP Peer: "\[<HOST>\]:\d+"

I also activated the recidive rule in fail2ban. This means that people
who get banned by fail2ban repeatedly get banned for even longer times
(hours instead of minutes). This is in the first file again:

/etc/fail2ban/jail.d/alex.conf:

[recidive]
enabled = true

I use this system for my websites, my gopher sites, and now for gemini,
too.

Cheers
Alex
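
Added example, not part of either message and not fail2ban's own code: a small Python model of the jail quoted above, useful for checking which peers a findtime = 40 / maxretry = 20 rule would ban before enabling it. The `<HOST>` replacement, the sliding-window logic and the sample log are simplified assumptions; all addresses are constructed documentation addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FINDTIME = 40  # seconds, as in the [alex-gemini] jail
MAXRETRY = 20  # matches inside FINDTIME that trigger a ban

# The filter's failregex with the timestamp captured in front. <HOST> is
# replaced by a simplified address group (assumption: fail2ban's own
# <HOST> expansion is broader and also accepts hostnames).
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2}-\d{2}:\d{2}:\d{2}) '
    r'CONNECT TCP Peer: "\[(?P<host>[0-9A-Fa-f:.]+)\]:\d+"'
)

def banned_hosts(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return {host: timestamp of the match that reached maxretry}."""
    window = defaultdict(deque)
    bans = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["host"] in bans:
            continue  # not a connection line, or host already banned
        ts = datetime.strptime(m["ts"], "%Y/%m/%d-%H:%M:%S")
        hits = window[m["host"]]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > findtime:
            hits.popleft()  # forget matches older than findtime
        if len(hits) >= maxretry:
            bans[m["host"]] = ts
    return bans

def sample_log():
    """Constructed log: a crawler at 1 hit/s, a reader at 1 hit per 5 s."""
    start = datetime(2020, 7, 25, 14, 0, 0)
    rows = [(start + timedelta(seconds=i), "192.0.2.10") for i in range(25)]
    rows += [(start + timedelta(seconds=5 * i), "2001:db8::7") for i in range(12)]
    rows.sort()
    return [
        f'{t:%Y/%m/%d-%H:%M:%S} CONNECT TCP Peer: "[{h}]:50000" '
        f'Local: "[203.0.113.1]:1965"'
        for t, h in rows
    ]

if __name__ == "__main__":
    for host, when in banned_hosts(sample_log()).items():
        print(f"{host} would be banned at {when}")
```

On a host with fail2ban installed, `fail2ban-regex /home/alex/farm/gemini-wiki.log /etc/fail2ban/filter.d/alex-gemini.conf` runs the real filter against the real log.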