I'm using fail2ban to keep the bandits off my server. It's great!
But there are so many bots that just keep poking at the server that I want to permanently ban them after a few repeated attempts.
Other solutions on the web involve additional fail2ban jail scripts that add the offending IPs to the existing list of iptables rules. I am trying a simpler solution:
- Parse through the fail2ban logs,
- get the repeatedly banned IPs, and
- append them to /etc/hosts.deny.
I will try the following script first, and see if it takes. If it's effective, I'll just add it to a crontab.
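```sh
# Sort by the address field so uniq -c can count bans per address,
# then keep every address that was banned more than twice.
for addr in $(sort -k 8,8 /var/log/fail2ban.log | \
    awk '$3 ~ "fail2ban.actions" && $7 == "Ban" { print $8 }' | \
    uniq -c | \
    awk '$1 > 2 {print $2}')
do
    # -x -F: match the whole line literally, so 1.2.3.4 is not treated
    # as already present just because 1.2.3.45 (or 1x2y3z4) is listed.
    grep -qxF "ALL: $addr" /etc/hosts.deny || echo "ALL: $addr" >> /etc/hosts.deny
done
```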
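The same parse-and-append idea split into testable functions, as an added example that is not part of the original post. It assumes the log layout the script above reads (`$3` logger, `$7` "Ban", `$8` address); the function names, the allowlist argument and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the original post's code.
# Print each IPv4 address banned more than $2 times in fail2ban log $1.
repeat_offenders() {
    awk -v min="$2" '
        $3 ~ /^fail2ban\.actions/ && $7 == "Ban" &&
        $8 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$8]++ }
        END { for (ip in n) if (n[ip] > min) print ip }
    ' "$1" | sort
}

# Append "ALL: <ip>" to deny file $1 for each address read from stdin.
# Skips exact lines already present and addresses in the space-separated
# allowlist $2 (hypothetical safeguard). Prints the number of lines added.
deny_append() {
    added=0
    while IFS= read -r ip; do
        case " $2 " in *" $ip "*) continue ;; esac
        grep -qxF "ALL: $ip" "$1" 2>/dev/null && continue
        printf 'ALL: %s\n' "$ip" >> "$1"
        added=$((added + 1))
    done
    echo "$added"
}

# Constructed sample log lines (documentation address ranges).
sample_log() {
    p='2024-01-01 00:00:00,000 fail2ban.actions [100]: NOTICE [sshd]'
    for e in 'Ban 203.0.113.5' 'Unban 203.0.113.5' 'Ban 203.0.113.5' \
             'Ban 203.0.113.5' 'Ban 198.51.100.7' 'Ban 192.0.2.9' \
             'Ban 192.0.2.9' 'Ban 192.0.2.9'; do
        printf '%s %s\n' "$p" "$e"
    done
}

# Demo on temporary files only; nothing under /etc is touched.
tmp=$(mktemp -d)
sample_log > "$tmp/log"
echo 'ALL: 203.0.113.55' > "$tmp/deny"   # near-match that must not hide .5
repeat_offenders "$tmp/log" 2 | deny_append "$tmp/deny" '192.0.2.9' >/dev/null
cat "$tmp/deny"
rm -rf "$tmp"
```

Note that /etc/hosts.deny is only consulted by services built with TCP wrappers (libwrap) support, so check that the daemon you want to protect actually honors it.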