Fail2ban jail to mitigate DoS attacks against Apache
Using a Fail2ban jail to mitigate simple DoS attacks against Apache.

    # Block a single IP
    $ iptables -A INPUT -s <IP> -j DROP
    # Unblock it
    $ iptables -D INPUT -s <IP> -j DROP

Recently, one of our shared hosting webservers got hit by a DoS attack. The attacker started a larger vulnerability scan for common WordPress security issues. We already had common brute-force attack patterns on WordPress covered by a custom Fail2Ban jail, which mainly trapped POST requests to xmlrpc.php or wp-login.php (the usual dumb WP brute-force attacks…). But this DoS attack targeted hundreds of customer sites and did not get trapped by our existing rules.

After having blocked the attacker’s IP (glad this was no large-scale DDoS!), I wrote an extra Fail2Ban jail which traps such simple DoS attacks. It’s a very basic Fail2Ban jail that should cover common attacks and should not cause any false positives, as it is only triggered by a large number of failed GET requests.

There are other good articles about setting up such Fail2Ban jails to block simple DoS, but they didn’t quite fit our needs:

- Using fail2ban to mitigate simple DOS attacks against apache (or why I am a terrible sysop)
- Install fail2ban to protect your site from DOS attacks

Requirements

What we would like to accomplish: