Hello, does anyone have and use fail2ban to protect against dos/ddos attacks? I’m looking for a fairly correct configuration. Maybe someone has a fairly good configuration?
Are you having trouble with it?
I have a problem with the module:
[apache-shellshock]
enabled = true
port = http,https
filter = apache-shellshock
logpath = /var/log/apache2/domains/test.log
maxretry = 2
bantime = 1h
findtime = 600
it throws an error:
2024-10-22 08:46:57,904 fail2ban.filter [461900]: WARNING [apache-shellshock] Simulate NOW in operation since
found time has too large deviation None ~ 1729579617.9047058 +/- 60
2024-10-22 08:46:57,904 fail2ban.filter [461900]: WARNING [apache-shellshock] Please check jail has possibly
a timezone issue. Line with odd timestamp: 10.0.0.230 - - [22/Oct/2024:08:46:57 +0200] “GET / HTTP/1.0” 200 3056 “-”
“() { :;}; /bin/bash -c ‘echo vulnerable’”
Due to this bug it does not block test attacks.
Time is definitely synchronized well.
I am looking for the cause, but various solutions found do not work.