Fail2Ban to protect Apache from brute force?
Have had a Linode setup with 4 boxes for years and have just started over using CentOS instead of Debian. The problem is that since we started with our two new app servers we have been getting very high load from time to time, but on a daily basis. After investigating the logs, the reason is brute force attacks:
No. Requests    IP
53,669          95.109.112.32
44,090          88.129.204.3
24,419          89.150.226.73
All this in a period of 5-10 minutes, and daily (but from different IPs).
Googled a bit and found this:
Does anyone have experience using Fail2Ban for protecting Apache?
Using CSF firewall and LFD to block login attempts via SSH, but LFD has (as far as I know) no way to secure Apache from attacks.
Need advice in this matter. Thanks!
5 Replies
Will give it a try on one of the app servers, to see if performance improves.
Good luck!
this apache configuration
If you have more serious problems, I strongly suggest you get a load balancer behind Cloudflare (or similar service) and also contact Linode support, who in turn can get in touch with the data centre people, for better DDoS protection.
I also did the same for a few other common 'bad' URLs I was seeing in the logs, and set up permanent 403s in Apache config for things like xmlrpc.php.
You might be able to use similar techniques for your app.
Cheers
Neil
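The per-IP request counts in the question can be turned into a repeatable check. The following is an added example, not code from anyone in this thread: it scans Apache access-log lines and flags any client that exceeds a request threshold inside a sliding time window, the same count-within-a-window test that Fail2Ban's `maxretry` and `findtime` settings express. The thresholds, function names and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Start of an Apache common/combined log line: client IP, ident, user, [timestamp]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def find_offenders(lines, max_hits, window):
    """Return {ip: time it first exceeded max_hits requests within window}."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that have aged out of the window
            q.popleft()
        if len(q) > max_hits and ip not in flagged:
            flagged[ip] = ts
    return flagged

def sample_log():
    """Constructed log lines using documentation IP ranges, not real traffic."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "POST /xmlrpc.php HTTP/1.1" 200 512'
    # One client sends a request every second; another sends one every 10 minutes.
    rows = [(base + timedelta(seconds=i), "192.0.2.10") for i in range(30)]
    rows += [(base + timedelta(minutes=10 * i), "198.51.100.7") for i in range(5)]
    rows.sort()
    return [fmt.format(ip=ip, ts=t.strftime("%d/%b/%Y:%H:%M:%S %z"))
            for t, ip in rows]

if __name__ == "__main__":
    # Assumed policy: more than 20 requests from one IP within 60 seconds.
    hits = find_offenders(sample_log(), max_hits=20, window=timedelta(seconds=60))
    for ip, when in hits.items():
        print(f"{ip} exceeded the threshold at {when.isoformat()}")
```

Running it against a copy of the real access log with a few candidate thresholds shows which clients a given setting would ban, and whether legitimate users would be caught, before a ban rule is enabled.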