[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Getting git errors with http URLs

From: Bob Proulx
Subject: Re: [Savannah-hackers-public] Getting git errors with http URLs
Date: Sun, 19 Aug 2018 14:37:28 -0600
User-agent: Mutt/1.10.1 (2018-07-13)

Bob Proulx wrote:
> ... distributed attacks such as this they can be quite difficult to
> avoid.  I started looking in depth last night but unfortunately my
> first attemps to mitigate this didn't help significantly.

It looks like I was actually making some headway.  I am tweaking
fail2ban to detect the IP addresses used in the attack and having it
block those addresses.  However one danger I am tyring to avoid is
blocking valid users.  But anyway this is the current block stats at
this time.

address@hidden:~# fail2ban-client status nginx-viewvc
Status for the jail: nginx-viewvc
|- filter
|  |- File list:        /var/log/nginx/access.log 
|  |- Currently failed: 6
|  `- Total failed:     66586
`- action
   |- Currently banned: 1
   |  `- IP list:       ...
   `- Total banned:     3371

address@hidden:~# fail2ban-client status nginx-cgit
Status for the jail: nginx-cgit
|- filter
|  |- File list:        /var/log/nginx/access.log 
|  |- Currently failed: 912
|  `- Total failed:     267559
`- action
   |- Currently banned: 510
   |  `- IP list:       ...
   `- Total banned:     40454

40454 plus 3371!  Some offenders do repeat.  A quick scan shows 9428
unique addresses in the attack.

The above has only been running overnight.  Yet even though it is
making headway it is still not agressive enough.  Tweaking.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]