• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » Set Up mod_security And fail2ban To Create Anti-Spam Filter

By Abhishek Ghosh November 25, 2018 6:38 pm Updated on November 25, 2018

Set Up mod_security And fail2ban To Create Anti-Spam Filter

Advertisement

It is common for the blogs, forums to face malicious web traffic on regular basis. This malicious traffic not only harmful by simply wasting server resources, slowing down the site but also can lead to ban by third party Advertisement networks, such as Google AdSense. Here is How To Set Up mod_security And fail2ban To Create Anti-Spam Filter For Web Software Auch as WordPress, Forum Software on Debian/Ubuntu Server. Method to setup on REHL/CentOS is slightly different. We are taking it granted that Apache is already installed and running in some method like our guide on installing Apache, in the same way fail2ban also installed and running in some method like our guide on installing fail2ban. We have a separate guide on WordPress Brute Force And Mod Security.

Set Up mod_security And fail2ban To Create Anti-Spam Filter

 

Steps To Set Up mod_security And fail2ban

 

In easy way, we have to do the following step :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
apt update
apt upgrade
apt install apache2 -y
sudo systemctl enable apache2.service
sudo systemctl start apache2.service
sudo a2enmod headers
apt install libapache2-modsecurity
# sudo a2enmod mod-security
sudo a2enmod security2
apachectl -M | grep security
# output
## security2_module (shared)

We need to enable the mod_security rules. We will copy the mod_security configuration file, edit it and set the SecRuleEngine option to On:

Advertisement

---

Vim
1
2
sudo cp /etc/modsecurity/modsecurity.conf{-recommended,}
sudo nano /etc/modsecurity/modsecurity.conf

Change these settings :

Vim
1
2
3
4
5
...
SecRuleEngine On
...
SecResponseBodyAccess Off
…

mod_security rules are available in following directories:

Vim
1
2
3
/usr/share/modsecurity-crs/base_rules
/usr/share/modsecurity-crs/optional_rules
/usr/share/modsecurity-crs/experimental_rules

To enable all CRS base rules, create symbolic links :

Vim
1
sudo ln -s /usr/share/modsecurity-crs/base_rules/*.conf /usr/share/modsecurity-crs/activated_rules/

CRS optional and experimental rules needs separate symbolic links (not shown here).

We can configure and enable the Open Web Application Security Project (OWASP) core rule set:

Vim
1
2
3
4
5
apt install git
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bak
mv owasp-modsecurity-crs /usr/share/modsecurity-crs
mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

Edit the /etc/apache2/mods-enabled/security2.conf file:

Vim
1
/etc/apache2/mods-enabled/security2.conf

Add the lines at the end:

Vim
1
2
IncludeOptional "/usr/share/modsecurity-crs/*.conf
IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf

Restart Apache:

Vim
1
systemctl restart apache2

You need to read more information on how to configure and use mod_security from official documentation. Install the mod_evasive module using the following command:

Vim
1
2
apt-get install libapache2-mod-evasive
sudo a2enmod evasive

Open mod-evasive.conf file, configure mod_evasive module:

Vim
1
nano /etc/apache2/mods-available/mod-evasive.conf

Change the values like this :

Vim
1
2
3
4
5
6
7
8
9
...
DOSHashTableSize 3097
DOSPageCount 10
DOSSiteCount 30
DOSPageInterval 1
DOSSiteInterval 3
DOSBlockingPeriod 3600
DOSLogDir /var/log/apache2/mod_evasive.log
...

Save that file. Create a log file for mod_evasive, give proper permission and restart Apache :

Vim
1
2
3
touch /var/log/apache2/mod_evasive.log
sudo chown www-data:www-data /var/log/apache2/mod_evasive.log
systemctl restart apache2

Read README file in the mod_evasive module for details on the various configuration parameters. We can configure fail2ban with mod security reading official guide :

Vim
1
http://www.fail2ban.org/wiki/index.php/HOWTO_fail2ban_with_ModSecurity2.5

When configuring fail2ban, you can test a failregex and ignoreregex patterns, against the mod_security logfile before activating the fail2ban mod_security filter:

Vim
1
2
fail2ban-regex /var/log/apache2/modsec_audit.log "FAIL_REGEX" "IGNORE_REGEX"
fail2ban-regex /var/log/apache2/modsec_audit.log "\[.*?\]\s[\w-]*\s<HOST>\s" "\[.*?\]\s[\w-]*\s<HOST>\s"

Sometimes, we need to un-ban an IP address, we can list of all current rules and check blocked IPs:

Vim
1
iptables -L -n

You can extract the IP address from this list :

Vim
1
iptables -L -n | grep DROP | sed 's/.*[^-]--\s\+\([0-9\.]\+\)\s\+.*$/\1/g'

We can pass it to perform the unbanning :

Vim
1
iptables -L -n | grep DROP | sed 's/.*[^-]--\s\+\([0-9\.]\+\)\s\+.*$/\1/g' | xargs -i{} iptables -D fail2ban-ModSec -s {} -j DROP

This Article Has Been Shared 799 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Set Up mod_security And fail2ban To Create Anti-Spam Filter

  • Cloud Computing : Dedicated Cloud Hosting or Virtual Dedicated

    Cloud Computing gives us lot of flexible plans to choose from which includes Dedicated Cloud Hosting. Which is better and which has to be chosen when?

  • Cloud Computing Agility : The Converged Technologies

    Cloud Computing Agility is a characteristic feature of Cloud which allows to gain the speed in development and deployment of applications and Services.

  • Rackspace Cloud Versus Amazon : Head to Head Comparison

    Rackspace Cloud Versus Amazon or rather why you will go for Rackspace or Amazon for Private Cloud,Public Cloud,Storage, Network services or any managed service.

  • Adding Schema.org Structured Data in Genesis Theme

    Adding Schema.org Structured Data in Genesis Theme without using any plugin is quite easy as Genesis has great documentation and has excellent existing markups.

  • Red Hat OpenShift PaaS Out From Beta : Plans and Features

    Red Hat OpenShift PaaS is now officially out of their Beta. Obviously our favorite Free Tier of usage is remaining plus you can opt for official paid support.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • Four Foolproof Tips To Never Run Out Of Blog Ideas For Your Website March 28, 2023
  • The Interactive Entertainment Serving as a Tech Proving Ground March 28, 2023
  • Is it Good to Run Apache Web server and MySQL Database on Separate Cloud Servers? March 27, 2023
  • Advantages of Cloud Server Over Dedicated Server for Hosting WordPress March 26, 2023
  • Get Audiophile-Grade Music on Your Smartphone March 25, 2023

About This Article

Cite this article as: Abhishek Ghosh, "Set Up mod_security And fail2ban To Create Anti-Spam Filter," in The Customize Windows, November 25, 2018, March 29, 2023, https://thecustomizewindows.com/2018/11/set-up-mod_security-and-fail2ban-to-create-anti-spam-filter/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT