securityapache2ddosdenial-of-servicefail2ban
Trigger fail2ban for IPs with a lot of simultaneous connections
we are having a server with much traffic. Since yesterday, we are being attacked (probably) by an automated botnet, where IPs are opening thousands of simultaneous connections at the same time. That's really drowning resources and we tried something with fail2ban to prevent this, but no success yet.
I hope you can help!
We are running on a Debian 9.8 with apache2 and fail2ban.
Solution
This all depends on what your /etc/fail2ban/jail.local looks like.
It should be setup to block that IP after 3 attempts. For example:
# "bantime" is the number of seconds that a host is banned.
bantime = 6000
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 60
maxretry = 3
Note, the above denotes, if an attempt is made 3 times in 60seconds, then "ban" add to jail for 100minutes.
bantime = -1
A bantime of -1 means a Permanent ban.
- Secure Memory Allocator in C++
- Securing JWT tokens against attackers
- How to deal with a slow SecureRandom generator?
- CryptographicException: Access denied - How to give access on User store?
- Implementing Custom Expression Handling with Spring Security 6
- Restricting access to static files in Django/Nginx
- Does RabbitMQ allow Audit Logging
- Powershell Set-MpPreference -DisableRealtimeMonitoring $true not working correctly
- Why are iframes considered dangerous and a security risk?
- Secure Google Cloud Functions http trigger with auth
- How do I get the currently loggedin Windows account from an ASP.NET page?
- Error Importing SSL certificate : Not an X.509 Certificate
- Full text search on encrypted data
- It is necessary to send the JWT token from the browser page to the server
- Is it possible to use double @ in an email address?
- How to replicate the RuntimeDefault seccompProfile in Kubernetes to run in Docker?
- Difference between processes running in kernel mode and running as root?
- Why is it okay to transmit authentication/session cookies over plaintext?
- How to handle .env.local in a next js typescript file?
- How does Maven 3 password encryption work?
- Do we need encrypt session id before saving it into database
- Any point in using a paid threat intelligence service over Google's Lookup API for detecting malicious URLs?
- How to securely update configuration for root password in yocto?
- how to secure and encrypt setting.xml paswords file in maven?
- How to convert a PKCS#8 encoded RSA key into PKCS#1 in Java?
- Vector securely erasing its memory
- How to safely run user-supplied Javascript code inside the browser?
- curl - Is data encrypted when using the --insecure option?
- ZAP Dynamic SSL certificate option is not available
- how to implement the Eurion constellation security measure