Opened 5 months ago

Closed 5 months ago

#13620 closed Bug/Something is broken (fixed)

add new badbot

Reported by: https://id.mayfirst.org/jamie Owned by: https://id.mayfirst.org/jamie
Priority: Medium Component: Tech
Keywords: badbots fail2ban Cc: jaimev@…
Sensitive: no

Description

I banned the IP address of a bot identified in the logs as: "MauiBot (crawler.feedback+wc@…)"

It was pounding legitgov on june causing a headache.

I was going to add it to our list of bad bots to ban, but got confused by the filter.d/mf-apache-badbots.conf file.

What is the difference between the badbostcustom line and the badbots line?

Change History (5)

comment:1 Changed 5 months ago by https://id.mayfirst.org/jamie

  • Cc jaimev@… added
  • Owner set to https://id.mayfirst.org/jamie
  • Status changed from new to assigned

I can add the badbot to the puppet file but wanted to check with you Jaime to ensure I am doing it right.

comment:2 Changed 5 months ago by https://id.mayfirst.org/jaimev

You can add a new pattern to the badbotscustom variable in the file mf-apache-badbots.conf via puppet My thought process in #11508

comment:3 Changed 5 months ago by https://id.mayfirst.org/jamie

Sorry to be dense... even after reading that ticket I'm still struggling to understand why we would add something to the badbotscustom variable vs the badbots variable. It seems that this is the regular expression:

failregex = ^<HOST> -.*(?:%(badbots)s|%(badbotscustom)s)

It seems like the regular expression simply combines the two variables together but basically treats them the same way?

comment:4 Changed 5 months ago by https://id.mayfirst.org/jaimev

Oh no reason, really. The bad bots variable was the original list that came with fail2ban badbots.conf I just ecided to leave that as is. It isn't actually necessary to do it that way.

comment:5 Changed 5 months ago by https://id.mayfirst.org/jamie

  • Resolution set to fixed
  • Status changed from assigned to closed

Ah - that makes sense. Just added to puppet.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.