{"id":18408,"date":"2015-03-23T09:54:47","date_gmt":"2015-03-23T04:24:47","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=18408"},"modified":"2015-11-04T12:39:36","modified_gmt":"2015-11-04T07:09:36","slug":"fail2ban-port-80-to-protect-sites-from-dos-attacks","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/fail2ban-port-80-to-protect-sites-from-dos-attacks\/","title":{"rendered":"Fail2Ban Port 80 to protect sites from DOS Attacks"},"content":{"rendered":"<p><strong>FAIL2BAN Port 80<\/strong>\u00a0is used to<strong> protect sites from DOS Attacks.\u00a0<\/strong>Fail2ban scans log files (e.g. \/var\/log\/apache\/error_log) and bans IPs that show malicious signs &#8212; too many password failures, seeking exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email) could also be configured.<\/p>\n<div id=\"attachment_18411\" style=\"width: 251px\" class=\"wp-caption alignnone\"><a href=\"\/blog\/wp-ttn-blog\/uploads\/2015\/03\/fail2ban.jpg\"><img aria-describedby=\"caption-attachment-18411\" decoding=\"async\" loading=\"lazy\" class=\" wp-image-18411\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/03\/fail2ban.jpg\" alt=\"Fail2Ban port 80\" width=\"241\" height=\"146\" \/><\/a><p id=\"caption-attachment-18411\" class=\"wp-caption-text\">Fail2Ban port 80<\/p><\/div>\n<p>In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
In this attack, the machine or network is flooded with useless traffic.<\/p>\n<div id=\"attachment_18409\" style=\"width: 251px\" class=\"wp-caption alignnone\"><a href=\"\/blog\/wp-ttn-blog\/uploads\/2015\/03\/ddos.jpg\"><img aria-describedby=\"caption-attachment-18409\" decoding=\"async\" loading=\"lazy\" class=\" wp-image-18409\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/03\/ddos.jpg\" alt=\"DDOS Attack\" width=\"241\" height=\"185\" \/><\/a><p id=\"caption-attachment-18409\" class=\"wp-caption-text\">DDOS Attack<\/p><\/div>\n<p>&nbsp;<\/p>\n<p>To protect your website or service,\u00a0<strong>Fail2Ban\u00a0<\/strong>can be used on different ports. This post explains how to use Fail2Ban on port 80. You can also check <a href=\"http:\/\/www.tothenew.com\/blog\/blocking-ip-addresses-with-false-intentions-using-fail2ban\/\" target=\"_blank\">HOW TO USE FAIL2BAN ON PORT 22<\/a>.<\/p>\n<h3 style=\"text-align: justify;color: #ff9900\">Installing Fail2Ban on Ubuntu 14.04<\/h3>\n<p>Fail2Ban can be installed using the following two commands in a terminal. We&#8217;ll also grab iptables-persistent to allow the server to automatically set up our firewall rules at boot:<\/p>\n<pre>sudo apt-get update\r\nsudo apt-get install iptables-persistent fail2ban sendemail\r\n<\/pre>\n<p>&nbsp;<\/p>\n<h3 style=\"text-align: justify;color: #ff9900\">Configuring Fail2Ban with Service Settings<\/h3>\n<p>Fail2Ban keeps its configuration files in the <code>\/etc\/fail2ban<\/code> directory. The configuration file in this directory is <code>jail.conf<\/code>. This file can be modified by package upgrades, so we will copy it to <code>jail.local<\/code> and edit the copy.<\/p>\n<pre>sudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local\r\nsudo vim \/etc\/fail2ban\/jail.local\r\n<\/pre>\n<p>Fail2Ban configuration files are divided into sections. The <strong>[DEFAULT]<\/strong> section is applied to all services enabled for Fail2Ban.
If you want Fail2Ban to ignore particular IPs, you can list them in the <strong>ignoreip<\/strong> setting.<\/p>\n<pre>ignoreip=127.0.0.1\/8\r\n<\/pre>\n<p><strong>bantime<\/strong> is the time for which an IP is banned by Fail2Ban. <strong>findtime<\/strong> is the time window during which IPs are observed. <strong>maxretry<\/strong> is the maximum number of tries allowed before blocking. Together these resemble logging in to online banking, where after some unsuccessful attempts you are blocked for a day.<\/p>\n<h3 style=\"text-align: justify;color: #ff9900\">Configuring mail settings in Fail2Ban<\/h3>\n<p>The mail settings are used to send an email whenever an IP is blocked by Fail2Ban. The mail settings can be configured by modifying the following variables:<\/p>\n<pre>destemail = fail2ban@localhost\r\nsendername = Fail2Ban_user\r\nmta = sendmail\r\n<\/pre>\n<p>The <strong>destemail<\/strong> must be set to the email address at which you wish to receive the email. The <strong>sendername<\/strong> is set to Fail2Ban by default. The <strong>mta<\/strong> is the agent which you will use to send email. Other mta values, such as sendemail, could also be used.<\/p>\n<p>If you would like to configure email alerts, you can change the value of the <code>action<\/code> setting from <code>action_<\/code> to <code>action_mw<\/code>. If you want the email to include the relevant log lines, you can change it to <code>action_mwl<\/code>. Make sure you have the appropriate mail settings configured if you choose to use mail alerts.<\/p>\n<p>&nbsp;<\/p>\n<h3 style=\"text-align: justify;color: #ff9900\">Configuring Fail2Ban for Apache\/Nginx Web Server<\/h3>\n<p>To configure Fail2Ban for Apache\/Nginx, edit the apache\/nginx section.
The Apache section can be modified as follows:<\/p>\n<pre>enabled   = true\r\nport      = http,https\r\nfilter    = apache-auth\r\nlogpath   = \/var\/log\/apache*\/*error.log\r\nmaxretry  = 6\r\n<\/pre>\n<p>The apache\/nginx section can be modified according to your needs.<\/p>\n<h3 style=\"text-align: justify;color: #ff9900\">Restarting Fail2Ban service<\/h3>\n<p>&nbsp;<\/p>\n<pre>sudo service fail2ban stop\r\nsudo service fail2ban start\r\n<\/pre>\n<p>Now you are done. Fail2Ban has been set up. Try logging in using invalid credentials. The IP will be blocked after some number of attempts and you will receive an email from the Fail2Ban service.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>FAIL2BAN Port 80\u00a0is used to protect sites from DOS Attacks.\u00a0Fail2ban scans log files (e.g. \/var\/log\/apache\/error_log) and bans IPs that show malicious signs &#8212; too many password failures, seeking exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary
[&hellip;]<\/p>\n","protected":false},"author":163,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":85},"categories":[1174],"tags":[248,1713,1714,1705,1715],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/18408"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/163"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=18408"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/18408\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=18408"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=18408"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=18408"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}