Nginx Monitor NGINX access logs for possible DDoS attempts and auto temp-ban?

Hi, I'm not sure if my memory serves me right, but a couple years ago I recall Centmin used to have something that could be configured to auto temp-ban possible DDoS attempts by actively monitoring Nginx's access logs..?
I recall it would simply temporarily push the detected IPs into CSF deny list or something.

---

It was something that I used to have on a server I managed over 4-5 years ago, but not in the new one I setup since 2-3 years ago, since I decided to rely entirely on Cloudflare for that matter.
But I was recently banned from Cloudflare, so I'd like to look into that thing again.
Unfortunately I can't remember what it was, but I'm pretty sure I also used Centmin back then, so I'm not sure..
Any insights would be appreciated! Thanks!

 

Oh, found it!
It was fail2ban, and the integration was indeed something cooked up by eva, centminmod/centminmod-fail2ban.
But I'm not sure if it's still recommended for use? I can't find any mention of it on centminmod.com.
I was expecting some sort of "official" guides or something

 

Okie dokie, I found this Security - CSF Firewall native fail2ban functionality and have set that one up instead *crosses fingers*

 

The whole fiery.me was on Cloudflare, but I had a page rule specifically for subdomain i.fiery.me to "cache everything". That's the subdomain that's used to serve any files uploaded into my public uploader site.
So main site, including the uploader itself, was caching html/css/js normally, just like typical Cloudflare's use case, but over 90% of my bandwidth usage came from serving the uploaded files through i.fiery.me to begin with, lul
My uploader's user CP would call Cloudflare API to purge cache of any files the users wanted to delete, to make things remain up-to-date even if Cloudflare cached everything

Basically I was abusing it to the max, so it was somewhat within my expectations
The reason they gave for my ban was indeed the things related to caching videos and all that stuff anyway
I believe I had a lot of users uploading pretty big videos

I even allowed max file of up to 512MB, which was Cloudflare's max size per file to be cached
And my users certainly didn't shy away from uploading those big files, lmao

 

Can confirm it also appears to be working well so far
It seems I was indeed hit by some sort of bots or something, as within the first 12 or so hours I set it up, it managed to temp-ban 6 different IPs from reaching zone limit, using the same threshold as the gist file
I had my zone limit follow centmin's default of 16 concurrent connections, which should've been a lot already imho