How to prevent 404 attacks in Apache Web server using fail2ban?

404 attacks are a popular option for attackers, who use them as a DDoS tool. Fail2ban helps to prevent these attacks.

Fail2ban frequently checks the apache2 logs and detects 404 HTTP status codes based on regex conditions. It then blocks the offending IPs for some time to prevent them from attacking the server.

Let’s start preventing 404 attacks in the Apache Web server using Fail2ban.

Prerequisites
– Ubuntu 18.04 with SSH access.
(Currently, I’m using this Ubuntu 18.04 version for testing.)

Update the package index and install Fail2ban on Ubuntu:

sudo apt-get update
sudo apt-get install fail2ban

Now we have to create a filter and a custom jail.local file to prevent 404 attacks in the Apache web server.

Let’s set up Fail2ban to detect Apache 404 attacks:

1. Create a filter
2. Create a custom jail
3. Verify Fail2ban status
4. Verify Fail2ban Apache 404 attacks.

Create a filter
Let’s move to /etc/fail2ban/filter.d
/etc/fail2ban/filter.d
Here we can create a filter to detect Apache 404 errors.

We have to monitor Apache 404 errors, so create a file named prevent-apache-404.conf in /etc/fail2ban/filter.d

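Here is an example of a regex for detecting Apache 404 errors. Note that it counts 444, 403 and 400 responses as well as 404.
[Definition]
# <HOST> (required) marks the client address to ban; it starts the line in Apache's combined log format.
failregex = ^<HOST> .*"(GET|POST|HEAD).*" (404|444|403|400) .*$
ignoreregex =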

Create a custom jail
Create a new custom jail configuration file at /etc/fail2ban/jail.local:

sudo nano /etc/fail2ban/jail.local

Add the configuration below to /etc/fail2ban/jail.local:
[prevent-apache-404]
enabled   = true
port      = http,https
filter    = prevent-apache-404
logpath   = /var/log/apache*/*access.log
findtime  = 600
maxretry  = 4

Let’s restart Fail2ban and check the status:
sudo service fail2ban stop
sudo service fail2ban start
sudo service fail2ban status
sudo fail2ban-client status
sudo fail2ban-client status prevent-apache-404
Output
Status for the jail: prevent-apache-404
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	80
|  `- File list:	/var/log/apache2/other_vhosts_access.log
`- Actions
   |- Currently banned:	1
   |- Total banned:	9
   `- Banned IP list:	xxx.xxx.xxx.xxx 

Verify the firewall rules:
sudo iptables -nL

To check the logs for Fail2ban actions:
sudo nano /var/log/fail2ban.log
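
To see which clients these settings would ban before relying on them, the sketch below replays the filter and jail logic (findtime 600, maxretry 4) over a small constructed log. It is an added example, not part of the original article or of Fail2ban itself; it assumes the failregex starts with Fail2ban's <HOST> tag, substitutes an IPv4-only pattern for that tag, and its helper names and sample lines are made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Status-code pattern from this page with <HOST> at the start of the line.
# fail2ban expands <HOST> itself; the IPv4-only group is a simplification.
FAILREGEX = r'^<HOST> .*"(GET|POST|HEAD).*" (404|444|403|400) .*$'
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
TIMESTAMP = re.compile(r"\[([^\]]+)\]")

def banned_hosts(lines, findtime=600, maxretry=4):
    """Hosts with at least maxretry matching lines inside a findtime window."""
    recent, banned = defaultdict(deque), set()
    for line in lines:
        hit, stamp = PATTERN.match(line), TIMESTAMP.search(line)
        if not hit or not stamp:
            continue  # successful requests and unparsable lines do not count
        when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[hit.group("host")]
        hits.append(when)
        while (when - hits[0]).total_seconds() > findtime:
            hits.popleft()  # forget failures older than findtime
        if len(hits) >= maxretry:
            banned.add(hit.group("host"))
    return banned

def entry(ip, clock, status, path="/missing"):
    """Build one constructed Apache combined-format log line."""
    return (f'{ip} - - [10/Oct/2023:{clock} +0000] "GET {path} HTTP/1.1" '
            f'{status} 196 "-" "example-agent"')

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE = [
    # four 404s in under a minute: banned
    *(entry("203.0.113.7", f"13:00:{s:02d}", 404) for s in (1, 9, 20, 41)),
    # four 404s spread over 12 minutes: never four inside 600 s
    *(entry("198.51.100.20", f"13:{m:02d}:00", 404) for m in (0, 4, 8, 12)),
    # mixed 404/403/400: all count, because the filter matches those codes too
    *(entry("192.0.2.99", f"13:01:{s:02d}", c)
      for s, c in ((0, 404), (5, 403), (9, 400), (30, 404))),
    # mostly successful requests plus three 404s: stays below maxretry
    *(entry("192.0.2.10", f"13:02:{s:02d}", c)
      for s, c in ((0, 200), (3, 404), (8, 200), (15, 404), (40, 404))),
]

if __name__ == "__main__":
    print(sorted(banned_hosts(SAMPLE)))  # ['192.0.2.99', '203.0.113.7']
```

On a real server, fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/prevent-apache-404.conf reports how many lines the installed filter matches.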

Bingo, with Fail2ban in place your Apache Web server is now protected from 404 attacks.

Prashant Suthar
https://prashantsuthar.com
I am Prashant Suthar. I have experience working with NodeJS, Core PHP, WordPress, CodeIgniter, Shopify, Prestashop, Opencart and many frameworks. I have some basic knowledge of server setup and maintenance. I have also worked with third-party APIs like Twilio audio, video and SMS APIs, the FB Messenger API and many more. I am working as a team lead & sr. developer in Ahmedabad, GJ, IN.
