Saturday, September 7, 2024
Usage:
Run the script periodically using a cron job (Linux) or Task Scheduler (Windows) to handle blocking and removal of expired blocks.
Ensure paths to logs and other configurations are updated to reflect your actual setup.
<?php
// Cloudflare API settings
$apiKey = "your_cloudflare_api_key"; // Global API Key
$authEmail = "your_cloudflare_email"; // Cloudflare account email
$zoneID = "your_zone_id"; // Zone ID
$logPath = 'C:\path\to\access.log'; // Path to Apache access log (single quotes keep the backslashes literal)
$blockLogPath = 'C:\path\to\block.log'; // Path to log block actions
$blockRemoveLogPath = 'C:\path\to\block_remove.log'; // Path to log block removal actions
$threshold = 10; // Number of 404s to trigger a block
$timeWindowMinutes = 10; // Time window in minutes for analysis
$blockDurationHours = 1; // Duration to block IP in hours
// Current timestamp minus time window (in seconds)
$timeWindow = time() - ($timeWindowMinutes * 60);
// Function to log messages to a file
function logMessage($message, $logFilePath) {
    $timestamp = date('Y-m-d H:i:s');
    file_put_contents($logFilePath, "[$timestamp] $message" . PHP_EOL, FILE_APPEND);
}
Monday, September 2, 2024
Modify the Fail2ban Action:
[Definition]
actionban = curl -s -X POST "https://api.cloudflare.com/client/v4/zones/YOUR_ZONE_ID/firewall/access_rules/rules" \
            -H "X-Auth-Email: [email protected]" \
            -H "X-Auth-Key: your-global-api-key" \
            -H "Content-Type: application/json" \
            --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Fail2ban block"}'
Fail2ban actionunban
[Definition]
actionunban = bash -c '
            RULE_ID=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/YOUR_ZONE_ID/firewall/access_rules/rules" \
              -H "X-Auth-Email: [email protected]" \
              -H "X-Auth-Key: your-global-api-key" \
              -H "Content-Type: application/json" | jq -r ".result[] | select(.configuration.value == \"<ip>\") | .id") &&
            curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones/YOUR_ZONE_ID/firewall/access_rules/rules/$RULE_ID" \
              -H "X-Auth-Email: [email protected]" \
              -H "X-Auth-Key: your-global-api-key" \
              -H "Content-Type: application/json"'
Sunday, August 18, 2024
Requirements
IPBan free version requires the .NET 8 SDK to build and debug the code. For an IDE, I suggest Visual Studio Community for Windows, or VS Code for Linux. All are free. You can build a self-contained executable to eliminate the need for dotnet core on the server machine, or just download the precompiled binaries in releases.
Running and/or debugging code requires that you run your IDE or terminal as administrator or root.
Officially supported platforms:
Windows 10 or newer (x86, x64)
Windows Server 2016 or newer (x86, x64)
Linux Ubuntu x64 (requires firewalld)
Linux Debian x64 (requires firewalld)
Linux CentOS x64 (requires firewalld)
Linux RedHat x64 (requires firewalld)
Mac OS X not supported at this time
Features
Auto ban ip addresses by detecting failed logins from event viewer and/or log files. On Linux, SSH is watched by default. On Windows, RDP, OpenSSH, VNC, MySQL, SQL Server, Exchange, SmarterMail, MailEnable are watched. More applications can easily be added via config file.
Additional recipes for event viewer and log files are here: https://github.com/DigitalRuby/IPBan/tree/master/Recipes
Highly configurable, many options to determine failed login count threshold, time to ban, etc.
Make sure to check out the ipban.config file (formerly named DigitalRuby.IPBan.dll.config, see IPBanCore project) for configuration options, each option is documented with comments.
Banning happens basically instantly for event viewer. For log files, you can set how often it polls for changes.
Very fast - I’ve optimized and tuned this code since 2012. The bottleneck is pretty much always the firewall implementation, not this code.
Unban ip addresses easily by placing an unban.txt file into the service folder with each ip address on a line to unban.
Works with ipv4 and ipv6 on all platforms.
Please visit the wiki at https://github.com/DigitalRuby/IPBan/wiki for lots more documentation.
Monday, June 12, 2023
THE NEW ACTIONBAN COMMAND
The new actionban command for CloudFlare IP address blocking is as follows…
actionban = curl -s -X POST https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules \
            -H "Authorization: Bearer <cfkey>" -H "Content-Type: application/json" \
            --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Banned by Fail2Ban"}'
THE NEW ACTIONUNBAN COMMAND
Thursday, June 8, 2023
Add the following new file named nginx-4xx.conf to /etc/fail2ban/filter.d/
[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =
Now, open /etc/fail2ban/jail.conf and add the following block of code to the end of the file.
[nginx-4xx]
enabled = true
port = http,https
filter = nginx-4xx
logpath = /var/log/nginx/access.log
bantime = 1800
findtime = 60
maxretry = 5
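As an added example (not code from either post), the following Python reimplements the detection step that the PHP 404-blocker above and this nginx-4xx jail share: match access-log lines with the filter's failregex, then count matches per IP inside a sliding findtime window and report the IPs that reach maxretry. The sample log lines are constructed, and the <HOST> tag is expanded to an IPv4-only capture group; both are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The failregex from the nginx-4xx filter, with fail2ban's <HOST> tag expanded to an
# IPv4 capture group (assumption of this example; IPv6 is left out for brevity).
FAILREGEX = re.compile(r'^(?P<host>\d{1,3}(?:\.\d{1,3}){3}).*"(GET|POST).*" (404|444|403|400) .*$')
TIMESTAMP_RE = re.compile(r"\[([^\]]+)\]")  # the [08/Jun/2023:10:00:01 +0000] field
TIME_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def parse_failure(line):
    """Return (ip, datetime) for a line the filter matches, else None."""
    m = FAILREGEX.match(line)
    ts = TIMESTAMP_RE.search(line)
    if not m or not ts:
        return None
    return m.group("host"), datetime.strptime(ts.group(1), TIME_FORMAT)

def offenders(lines, maxretry, findtime):
    """IPs with `maxretry` matching lines inside any `findtime`-second window,
    i.e. the condition under which a fail2ban jail (or the PHP script's threshold) bans."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse_failure(line)
        if parsed:
            hits[parsed[0]].append(parsed[1])
    window = timedelta(seconds=findtime)
    banned = set()
    for ip, times in hits.items():
        times.sort()
        # sliding window: compare each failure with the one maxretry-1 positions earlier
        for i in range(maxretry - 1, len(times)):
            if times[i] - times[i - maxretry + 1] <= window:
                banned.add(ip)
                break
    return banned

# Constructed sample lines in the combined log format (not from a real server).
def sample_lines():
    line = '{ip} - - [08/Jun/2023:10:{mm:02d}:{ss:02d} +0000] "GET /page HTTP/1.1" {status} 153 "-" "UA"'
    burst = [line.format(ip="203.0.113.5", mm=0, ss=s, status=st)
             for s, st in ((1, 404), (3, 404), (5, 403), (8, 404), (12, 404))]
    slow = [line.format(ip="198.51.100.7", mm=m, ss=0, status=404) for m in (0, 2, 4, 6, 8)]
    ok = [line.format(ip="192.0.2.9", mm=0, ss=2, status=200)]
    return burst + slow + ok

if __name__ == "__main__":
    print(sorted(offenders(sample_lines(), maxretry=5, findtime=60)))  # ['203.0.113.5']
```

The slow client's five 404s span eight minutes, so it stays clear of findtime = 60 but would be banned with a ten-minute window, which is the trade-off the jail settings control.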
Friday, February 12, 2021
Step 1. First, make sure that all your system packages are up to date by running the following apt commands in the terminal.
sudo apt update
sudo apt upgrade
Step 2. Installing ModSecurity Apache on Ubuntu 20.04.
Now install the ModSecurity package on the Ubuntu system using the following command:
sudo apt install libapache2-mod-security2
Restart the Apache service so the ModSecurity module is loaded:
sudo systemctl restart apache2
Step 3. Configuration of ModSecurity.
Next, configure ModSecurity. Its configuration lives in /etc/modsecurity; start from the recommended configuration file:
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
Next, download the OWASP ModSecurity CRS from GitHub:
cd ~
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
Then, move and rename crs-setup.conf.example to crs-setup.conf, and move the rules/ directory as well:
cd ~/owasp-modsecurity-crs
sudo mv crs-setup.conf.example /etc/modsecurity/crs-setup.conf
sudo mv rules/ /etc/modsecurity/
To get these rules working on Apache, you should edit the /etc/apache2/mods-available/security2.conf file:
Open a terminal application or log in to your server over SSH using the ssh command. Open the php.ini file using a text editor such as vim or nano:
$ sudo nano /etc/php.ini
Find disable_functions and set the new list as follows:
; list of functions to disable globally
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
I also recommend disabling allow_url_include and allow_url_fopen for security reasons:
allow_url_fopen=Off
allow_url_include=Off
open_basedir = /var/www:/var/..
Save and close the file. Restart Apache so the changes take effect:
# service apache2 restart