hello!
I wanted to activate the protection offered by abuseipdb but the hestia files are customized. I should put the following line in jail.local but I don’t know where
action_abuseipdb = abuseipdb
and then I don’t know if I should do anything else… has anyone activated it and can guide me?
thanks
Hi @servtelecom
But keep in mind that what you want to do using fail2ban action won’t protect you, only will report to abuseipdb the ips catched by other fail2ban jails.
If you want to be protected by abuseipdb, you should add an ipset with abuseipdb list and then add a firewall rule to drop connections from that ipset.
I use this repo to get the abuseipdb list:
Example adding to Hestia the list for abuseipdb-s100-14d (100% confident for last 14 days)
1.- Add the ipset abuseipdb and mark it to auto-update:
v-add-firewall-ipset abuseipdb "https://raw.githubusercontent.com/borestad/blocklist-abuseipdb/main/abuseipdb-s100-14d.ipv4" v4 yes yes
2.- Add the DROP rule.
v-add-firewall-rule DROP ipset:abuseipdb 0 TCP "abuseipdb"
And that’s all, all ips listed by the abuseipdb will be dropped when trying to reach your server. And as I said, the list will be auto-updated so you don’t need to do anything else.
Wow it stopped the attack instantly! incredible!
Thank you very much!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.