This website is hosted on my own dedicated server (a Kimsufi) and, like every server, it gets attacked regularly.
To identify those attacks, I needed to add a layer of security that bans recurrent attempts; this layer is Fail2ban. It's a widely known and recognized Python script that analyses your log files to ban repeated failed authentication attempts.
I had enough of getting the same IPs banned over and over, and found only a simple script that adds a new action to Fail2ban: Tarpit.
If you are not sure what the tarpit target is or why you would want to use it, a basic explanation is that you send unwanted TCP traffic to the tarpit target with iptables. All connections are accepted and immediately switched to the persist state. The remote side stops sending data and asks to continue every 60-240 seconds, and attempts to close the connection from the remote side are ignored. The connection will then time out in 12-24 minutes.
# Multi Ban
# 3 ban in 24 hour & Ban for 1 week
enabled = true
filter = ban
logpath = /var/log/fail2ban.log
maxretry = 3
findtime = 86400
#action = iptables-allports[name=multiban]
action = iptables-tarpit[name=multiban]
bantime = 604800
And the filter used to check for previous bans:
# Fail2Ban configuration file
# Author: Nicolargo
[Definition]
# Option: failregex
# Filter Ban in the fail2ban.log
failregex = .*Ban\ <HOST>
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
ignoreregex =
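To see which addresses this jail would escalate before enabling it, the following added example (not part of the original post and not Fail2ban's own code) replays the filter over a log using the jail's maxretry and findtime values. The log lines are constructed, and <HOST> is expanded to a plain IPv4 pattern as a simplifying assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY, FINDTIME = 3, 86400  # maxretry / findtime from the jail above
# The page's failregex; <HOST> replaced by an IPv4-only pattern (assumption).
FAILREGEX = re.compile(r".*Ban\ (?P<host>\d{1,3}(?:\.\d{1,3}){3})")
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

# Constructed fail2ban.log lines using documentation addresses.
SAMPLE_LOG = """\
2024-05-01 08:00:01,100 fail2ban.actions [811]: NOTICE [sshd] Ban 203.0.113.7
2024-05-01 08:10:01,100 fail2ban.actions [811]: NOTICE [sshd] Unban 203.0.113.7
2024-05-01 09:00:00,000 fail2ban.actions [811]: NOTICE [sshd] Ban 198.51.100.20
2024-05-01 14:00:00,000 fail2ban.actions [811]: NOTICE [sshd] Ban 203.0.113.7
2024-05-01 23:30:00,000 fail2ban.actions [811]: NOTICE [sshd] Ban 203.0.113.7
2024-05-02 10:00:00,000 fail2ban.actions [811]: NOTICE [sshd] Ban 198.51.100.20
2024-05-02 12:00:00,000 fail2ban.actions [811]: NOTICE [sshd] Ban 198.51.100.20
"""


def repeat_offenders(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time of the ban that reached maxretry within findtime}."""
    recent = defaultdict(deque)  # ip -> ban times still inside the window
    flagged = {}
    for line in log_text.splitlines():
        stamp, hit = STAMP.match(line), FAILREGEX.search(line)
        if not (stamp and hit):
            continue  # "Unban" lines do not match: the regex is case-sensitive
        when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        bans = recent[hit["host"]]
        bans.append(when)
        # Drop bans that have aged out of the findtime window.
        while (when - bans[0]).total_seconds() > findtime:
            bans.popleft()
        if len(bans) >= maxretry and hit["host"] not in flagged:
            flagged[hit["host"]] = when
    return flagged


if __name__ == "__main__":
    for ip, when in repeat_offenders(SAMPLE_LOG).items():
        print(f"{ip} would be tarpitted from {when} for 604800 s")
```

Because the failregex has no jail-name exclusion, the Ban lines this jail writes for its own bans also match and count toward maxretry on later passes.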