Deprecated: Return type of Requests_Cookie_Jar::offsetExists($key) should either be compatible with ArrayAccess::offsetExists(mixed $offset): bool, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /www/webvol14/so/emm9jypq7227iqw/linuxkitchen.com/public_html/wp-includes/Requests/Cookie/Jar.php on line 63

Deprecated: Return type of Requests_Cookie_Jar::offsetGet($key) should either be compatible with ArrayAccess::offsetGet(mixed $offset): mixed, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /www/webvol14/so/emm9jypq7227iqw/linuxkitchen.com/public_html/wp-includes/Requests/Cookie/Jar.php on line 73

Deprecated: Return type of Requests_Cookie_Jar::offsetSet($key, $value) should either be compatible with ArrayAccess::offsetSet(mixed $offset, mixed $value): void, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /www/webvol14/so/emm9jypq7227iqw/linuxkitchen.com/public_html/wp-includes/Requests/Cookie/Jar.php on line 89

Deprecated: Return type of Requests_Cookie_Jar::offsetUnset($key) should either be compatible with ArrayAccess::offsetUnset(mixed $offset): void, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /www/webvol14/so/emm9jypq7227iqw/linuxkitchen.com/public_html/wp-includes/Requests/Cookie/Jar.php on line 102

Deprecated: Return type of Requests_Cookie_Jar::getIterator() should either be compatible with IteratorAggregate::getIterator(): Traversable, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /www/webvol14/so/emm9jypq7227iqw/linuxkitchen.com/public_html/wp-includes/Requests/Cookie/Jar.php on line 111

Deprecated: Return type of Requests_Utility_CaseInsensitiveDictionary::offsetExists($key) should either be compatible with ArrayAccess::offsetExists(mixed $offset): bool, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /www/webvol14/so/emm9jypq7227iqw/linuxkitchen.com/public_html/wp-includes/Requests/Utility/CaseInsensitiveDictionary.php on line 40

Deprecated: Return type of Requests_Utility_CaseInsensitiveDictionary::offsetGet($key) should either be compatible with ArrayAccess::offsetGet(mixed $offset): mixed, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /www/webvol14/so/emm9jypq7227iqw/linuxkitchen.com/public_html/wp-includes/Requests/Utility/CaseInsensitiveDictionary.php on line 51

Deprecated: Return type of Requests_Utility_CaseInsensitiveDictionary::offsetSet($key, $value) should either be compatible with ArrayAccess::offsetSet(mixed $offset, mixed $value): void, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /www/webvol14/so/emm9jypq7227iqw/linuxkitchen.com/public_html/wp-includes/Requests/Utility/CaseInsensitiveDictionary.php on line 68

Deprecated: Return type of Requests_Utility_CaseInsensitiveDictionary::offsetUnset($key) should either be compatible with ArrayAccess::offsetUnset(mixed $offset): void, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /www/webvol14/so/emm9jypq7227iqw/linuxkitchen.com/public_html/wp-includes/Requests/Utility/CaseInsensitiveDictionary.php on line 82

Deprecated: Return type of Requests_Utility_CaseInsensitiveDictionary::getIterator() should either be compatible with IteratorAggregate::getIterator(): Traversable, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /www/webvol14/so/emm9jypq7227iqw/linuxkitchen.com/public_html/wp-includes/Requests/Utility/CaseInsensitiveDictionary.php on line 91
Apache+fail2ban+apache-badbots – Linux, Windows, Heklanje, Kuhinja

Kako zaustaviti botove (videti raniji post za definiciju)?
Paziti na koje logove je uperen fail2ban za Apache botove! Kod mene je uperen na sve logove tipa access koji su vezani za Apache (to uključuje i SquirrelMail access log).
Kako izgleda definicija u /etc/faiul2ban/jail.conf (deo za badbots) :
[apache-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port=”http,https”]
sendmail-buffered[name=BadBots, lines=5, dest=admin-postmaster@moj.domen]
logpath = /var/log/httpd/*access_log
bantime = 600
maxretry = 1

I kako izgleda sam konfiguracioni fajl /etc/faiul2ban/filter.d/apache-badbots.conf :
[Definition]
badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider
badbots = atSpider/1\.0|autoemailspider|China Local Browse 2\.6|ContentSmartz|DataCha0s/2\.0|DataCha0s/
2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DS
urf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Frankli
n Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Industry Program 1\
.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsC
rawl\.com/1\.0 +http\://letscrawl\.com/|Lincoln State Web Browser|LWP\:\:Simple/5\.803|Mac Finder 1\.0\
.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control – 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missi
gua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|Mozilla/2\.0 \(compatible; NEW
T ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/4\.0 \(compatible; Advanced Email
Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0
\(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Versio
n\: xxxx Type\:xx\)|MVAClient|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Hur
on Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PS
urf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@googl
e\.com|sogou spider|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.
0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|WebVulnCrawl\.blogspot\.com/1\.0 libwww-perl/5\.803|Wells
Search II|WEP Search 00
failregex = ^ -.*”(GET|POST).*HTTP.*”(?:%(badbots)s|%(badbotscustom)s)”$
ignoreregex =

Kako proveriti da li se apache-badbots podigao :
# iptables -nvL
……
Chain fail2ban-BadBots (1 references)
pkts bytes target prot opt in out source destination
……

Kako testirati :
# fail2ban-regex ‘1.2.3.4 – – [12/Feb/2013:10:53:59 +0100] “GET / HTTP/1.1 200” 39460 “-” “autoemailspider”‘ /etc/fail2ban/filter.d/apache-badbots.conf
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/apache-badbots.conf
Use single line: 1.2.3.4 – – [12/Feb/2013:10:53:59 +0100] “GET / HT…
…..
`- Number of matches:
[1] 1 match(es)
….
Addresses found:
[1]
1.2.3.4 (Tue Feb 12 10:53:59 2013)
…..

By velda