Ok, thanks, with IPS 4.x as well? yes :) Just looking for a way to try to stop layer 7 attacks :)
I don't use email alerts with fail2ban. I don't see a need for it. I have alerts configured for load though. If the load of my server rises to a value told, it will send me an email.
Just use monitoring services like Nginx Amplify, nixstats or nodequery:
Monitoring Server Statistics & Uptime - Centmin Mod LEMP Web Stack for CentOS
Nginx - Nginx Amplify Open Source Monitoring Service | Centmin Mod Community
I used to use nodequery, gave up with it in the end, too many false positives and found it unreliable. Found Amplify so far to be excellent, just waiting for it to become paid for (like Mandrill did).
Yeah, nodequery has more false positives for downtime alerts but the rest is okay, i.e. cpu/mem etc. nixstats I like the most.
Hi People,

Just want to let people know the Pinterest Bot is insane these days. It was using a tonne of CPU as it crawled a couple of sites. In fact, it ended up being blocked by Cloudflare. I've included it in the bot filter and set it to '2' so I'll keep monitoring it.

This is a great command you can try if you are/have been/or suspect you've been Brute Force/DDoS attacked.

View the top 20 URLs being hit on ALL your websites by single IPs:

    grep "`date +%d/%b/%Y`" /home/nginx/domains/*/log/access.log | awk '{print $1, $6 "" $7}' | sort | uniq -c | sort -gr | head -n 20

Using the above command will show something like this:

    Hits | Access log | IP | URL Request
    14922 /home/nginx/domains/{domain.com}/log/access.log:5.8.18.14 "GET/rss/catalog/notifystock/
    9780 /home/nginx/domains/{domain.com}/log/access.log:85.93.20.66 "GET/rss/catalog/notifystock/
    5520 /home/nginx/domains/{domain.com}/log/access.log:181.214.87.21 "GET/rss/catalog/notifystock/

As you can see, I was hit by a known attack on a known Magento Brute Force Attack URL.

Then you can check the suspicious IPs here before you block them: 5.8.18.14 | CloudBS Ltd. | AbuseIPDB
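A threshold-based variant of the one-liner above, added here as an example and not part of any post in the thread. The function names `top_hitters` and `sample_log`, the sample log lines and their documentation-range IPs are all constructed; it assumes the combined access log format and strips query strings so one IP cannot hide behind varying parameters.

```sh
#!/bin/sh
# Added example: hypothetical helper names, constructed sample data.

# top_hitters MIN DAY [FILE...]
# Prints "hits ip method path" for every (ip, path) pair seen at least MIN
# times on DAY (dd/Mon/yyyy), busiest first. Reads stdin when no FILE is given.
top_hitters() {
    th_min=$1; th_day=$2; shift 2
    awk -v min="$th_min" -v day="$th_day" '
        # Combined format: ip - user [dd/Mon/yyyy:hh:mm:ss +zone] "METHOD path proto" ...
        # Keep only lines from DAY whose request line starts with a real method;
        # malformed requests such as "-" are skipped instead of miscounted.
        index($4, "[" day ":") == 1 && $6 ~ /^"[A-Z]+$/ {
            method = substr($6, 2)        # drop the leading double quote
            path = $7
            sub(/[?].*/, "", path)        # ignore the query string
            count[$1 " " method " " path]++
        }
        END {
            for (k in count)
                if (count[k] >= min) print count[k], k
        }' "$@" | sort -k1,1nr -k2
}

# Constructed sample log: one noisy client, one quieter client, one normal
# visitor, two malformed requests and one hit from the previous day.
sample_log() {
    i=1
    while [ "$i" -le 6 ]; do
        printf '192.0.2.10 - - [05/Mar/2017:10:00:0%s +0000] "GET /rss/catalog/notifystock/?n=%s HTTP/1.1" 401 0 "-" "-"\n' "$i" "$i"
        i=$((i + 1))
    done
    cat <<'EOF'
198.51.100.7 - - [05/Mar/2017:10:01:00 +0000] "GET /rss/catalog/notifystock/ HTTP/1.1" 401 0 "-" "-"
198.51.100.7 - - [05/Mar/2017:10:01:05 +0000] "GET /rss/catalog/notifystock/ HTTP/1.1" 401 0 "-" "-"
203.0.113.5 - - [05/Mar/2017:10:01:30 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"
203.0.113.9 - - [05/Mar/2017:10:02:00 +0000] "-" 400 0 "-" "-"
203.0.113.9 - - [05/Mar/2017:10:02:01 +0000] "-" 400 0 "-" "-"
192.0.2.10 - - [04/Mar/2017:23:59:59 +0000] "GET /rss/catalog/notifystock/ HTTP/1.1" 401 0 "-" "-"
EOF
}

# Demo on the constructed data: pairs with at least 2 hits on 05/Mar/2017.
sample_log | top_hitters 2 05/Mar/2017
```

On a live server the same function can be pointed at the log path used in the post, for example `top_hitters 1000 "$(date +%d/%b/%Y)" /home/nginx/domains/*/log/access.log`.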