Created
December 15, 2023 00:59
fail2ban nginx ban scanners and unauthorized access
# /etc/fail2ban/filter.d/npm-auth.conf
# Filter for the npm-auth jail. It matches nginx error-log lines for failed
# HTTP basic authentication ("password mismatch", or a user that "was not
# found in" the password file).
# The pattern is anchored with ^ and $ and takes <HOST> from the text that
# follows "client: ".
# The source gist was flagged for bidirectional Unicode characters; confirm the
# installed file is plain ASCII, since a hidden character inside failregex
# would silently stop it matching.

[INCLUDES]

[Definition]

failregex = ^ \[error\] \d+#\d+: \*\d+ user "(?:[^"]+|.*?)":? (?:password mismatch|was not found in "[^\"]*"), client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(?:, referrer: "\S+")?\s*$
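# /etc/fail2ban/jail.d/npm-auth.local
# Jail for failed HTTP basic-auth attempts recorded in the Nginx Proxy Manager
# proxy-host error logs. No filter is named here; with the stock jail.conf
# defaults the filter name follows the jail name (npm-auth).

[npm-auth]
enabled = true

# NOTE(review): INPUT only sees traffic addressed to the host itself. If nginx
# runs in a container with published ports, that traffic is forwarded instead
# (DOCKER-USER on Docker) - confirm that a ban really blocks the client.
chain = INPUT

# Ban after 2 failures seen within findtime.
maxretry = 2

# Ban duration: 168 hours = 7 days. The note sits on its own line because
# fail2ban documents only " ;" as an inline-comment marker, so "#7 days" after
# the value would be handed over as part of bantime.
bantime = 168h
findtime = 24h

logpath = /root/nginx/data/logs/proxy-host-*_error.log

# Block the banned address on every TCP port. The upper bound is 65535, the
# highest TCP port; the original 65353 left ports 65354-65535 reachable.
# "telegram" is a second action on an indented continuation line; it needs a
# matching action.d/telegram.conf, which this gist does not show.
# NOTE(review): all three jails in this gist pass name=npm, which likely makes
# them share one f2b-npm chain - confirm that stopping one jail does not drop
# the bans of the others, or give each jail its own name.
action = iptables[name=npm, port=0:65535, protocol=tcp]
         telegram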
# /etc/fail2ban/filter.d/npm-error.conf
# Filter for the npm-error jail. It matches nginx [warn] lines of the form
# 'using uninitialized "..." variable while logging request' and takes <HOST>
# from the text that follows "client: ". Anchored with ^ and $.
# NOTE(review): this warning is about a variable of the server's own log
# format being unset for a request; whether it reliably indicates scanning
# depends on the nginx configuration - check real log lines before pairing
# this filter with a low maxretry.
# The source gist was flagged for bidirectional Unicode characters; confirm the
# installed file is plain ASCII, since a hidden character inside failregex
# would silently stop it matching.

[INCLUDES]

[Definition]

failregex = ^ \[warn\] \d+#\d+: \*\d+ using uninitialized "(.*?)" variable while logging request, client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(?:, referrer: "\S+")?\s*$
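# /etc/fail2ban/jail.d/npm-error.local
# Jail for the nginx "uninitialized variable while logging request" warnings
# in the Nginx Proxy Manager proxy-host error logs. No filter is named here;
# with the stock jail.conf defaults the filter name follows the jail name
# (npm-error).

[npm-error]
enabled = true

# NOTE(review): INPUT only sees traffic addressed to the host itself. If nginx
# runs in a container with published ports, that traffic is forwarded instead
# (DOCKER-USER on Docker) - confirm that a ban really blocks the client.
chain = INPUT

# A single matching line within findtime triggers the ban.
maxretry = 1

# Ban duration: 168 hours = 7 days. The note sits on its own line because
# fail2ban documents only " ;" as an inline-comment marker, so "#7 days" after
# the value would be handed over as part of bantime.
bantime = 168h
findtime = 72h

logpath = /root/nginx/data/logs/proxy-host-*_error.log

# Block the banned address on every TCP port. The upper bound is 65535, the
# highest TCP port; the original 65353 left ports 65354-65535 reachable.
# NOTE(review): all three jails in this gist pass name=npm, which likely makes
# them share one f2b-npm chain - confirm that stopping one jail does not drop
# the bans of the others, or give each jail its own name.
action = iptables[name=npm, port=0:65535, protocol=tcp]
# The telegram notification action is disabled here ("Commented for my mental
# sanity"). To enable it, add an indented "telegram" line directly under action.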
# /etc/fail2ban/filter.d/npm-redirect.conf
# Filter for the npm-redirect jail. Any line in which <HOST> matches anything
# counts as a failure, and the offender is whatever <HOST> matched.
# NOTE(review): the pattern is unanchored, so <HOST> binds to the first
# host-like token in the line rather than to a specific field. If the access
# log puts client-supplied text (Host header, request URI) ahead of the client
# address, the ban can land on the wrong address. Confirm with fail2ban-regex
# against a real log line, and anchor <HOST> to the literal text that
# surrounds the client address in your log format.
# The source gist was flagged for bidirectional Unicode characters; confirm the
# installed file is plain ASCII, since a hidden character inside failregex
# would silently stop it matching.

[INCLUDES]

[Definition]

failregex = <HOST>
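# /etc/fail2ban/jail.d/npm-redirect.local
# Bans anyone who lands on the Nginx Proxy Manager default host (unmapped
# subdomains, or direct HTTP access to the public IP).
# The section header below was missing in the original, so the keys belonged
# to no jail. The name follows the other jails in this gist, which are named
# after their filter file (here filter.d/npm-redirect.conf).
# NOTE(review): one request to the default host is enough for a 7-day ban, so
# list your own and any monitoring addresses in ignoreip.

[npm-redirect]
enabled = true

# NOTE(review): INPUT only sees traffic addressed to the host itself. If nginx
# runs in a container with published ports, that traffic is forwarded instead
# (DOCKER-USER on Docker) - confirm that a ban really blocks the client.
chain = INPUT

# A single matching line within findtime triggers the ban.
maxretry = 1

# Ban duration: 168 hours = 7 days. The note sits on its own line because
# fail2ban documents only " ;" as an inline-comment marker, so "# 7 days" after
# the value would be handed over as part of bantime.
bantime = 168h
findtime = 48h

logpath = /root/nginx/data/logs/default-host_access.log

# Block the banned address on every TCP port. The upper bound is 65535, the
# highest TCP port; the original 65353 left ports 65354-65535 reachable.
# NOTE(review): all three jails in this gist pass name=npm, which likely makes
# them share one f2b-npm chain - confirm that stopping one jail does not drop
# the bans of the others, or give each jail its own name.
action = iptables[name=npm, port=0:65535, protocol=tcp]
# The telegram notification action is disabled here ("Commented for my mental
# sanity"). To enable it, add an indented "telegram" line directly under action.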