• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » Set Up mod_security And fail2ban To Create Anti-Spam Filter

By Abhishek Ghosh November 25, 2018 6:38 pm Updated on November 25, 2018

Set Up mod_security And fail2ban To Create Anti-Spam Filter

Advertisement

It is common for the blogs, forums to face malicious web traffic on regular basis. This malicious traffic not only harmful by simply wasting server resources, slowing down the site but also can lead to ban by third party Advertisement networks, such as Google AdSense. Here is How To Set Up mod_security And fail2ban To Create Anti-Spam Filter For Web Software Auch as WordPress, Forum Software on Debian/Ubuntu Server. Method to setup on REHL/CentOS is slightly different. We are taking it granted that Apache is already installed and running in some method like our guide on installing Apache, in the same way fail2ban also installed and running in some method like our guide on installing fail2ban. We have a separate guide on WordPress Brute Force And Mod Security.

Set Up mod_security And fail2ban To Create Anti-Spam Filter

 

Steps To Set Up mod_security And fail2ban

 

In easy way, we have to do the following step :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
apt update
apt upgrade
apt install apache2 -y
sudo systemctl enable apache2.service
sudo systemctl start apache2.service
sudo a2enmod headers
apt install libapache2-modsecurity
# sudo a2enmod mod-security
sudo a2enmod security2
apachectl -M | grep security
# output
## security2_module (shared)

We need to enable the mod_security rules. We will copy the mod_security configuration file, edit it and set the SecRuleEngine option to On:

Advertisement

---

Vim
1
2
sudo cp /etc/modsecurity/modsecurity.conf{-recommended,}
sudo nano /etc/modsecurity/modsecurity.conf

Change these settings :

Vim
1
2
3
4
5
...
SecRuleEngine On
...
SecResponseBodyAccess Off
…

mod_security rules are available in following directories:

Vim
1
2
3
/usr/share/modsecurity-crs/base_rules
/usr/share/modsecurity-crs/optional_rules
/usr/share/modsecurity-crs/experimental_rules

To enable all CRS base rules, create symbolic links :

Vim
1
sudo ln -s /usr/share/modsecurity-crs/base_rules/*.conf /usr/share/modsecurity-crs/activated_rules/

CRS optional and experimental rules needs separate symbolic links (not shown here).

We can configure and enable the Open Web Application Security Project (OWASP) core rule set:

Vim
1
2
3
4
5
apt install git
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bak
mv owasp-modsecurity-crs /usr/share/modsecurity-crs
mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

Edit the /etc/apache2/mods-enabled/security2.conf file:

Vim
1
/etc/apache2/mods-enabled/security2.conf

Add the lines at the end:

Vim
1
2
IncludeOptional "/usr/share/modsecurity-crs/*.conf
IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf

Restart Apache:

Vim
1
systemctl restart apache2

You need to read more information on how to configure and use mod_security from official documentation. Install the mod_evasive module using the following command:

Vim
1
2
apt-get install libapache2-mod-evasive
sudo a2enmod evasive

Open mod-evasive.conf file, configure mod_evasive module:

Vim
1
nano /etc/apache2/mods-available/mod-evasive.conf

Change the values like this :

Vim
1
2
3
4
5
6
7
8
9
...
DOSHashTableSize 3097
DOSPageCount 10
DOSSiteCount 30
DOSPageInterval 1
DOSSiteInterval 3
DOSBlockingPeriod 3600
DOSLogDir /var/log/apache2/mod_evasive.log
...

Save that file. Create a log file for mod_evasive, give proper permission and restart Apache :

Vim
1
2
3
touch /var/log/apache2/mod_evasive.log
sudo chown www-data:www-data /var/log/apache2/mod_evasive.log
systemctl restart apache2

Read README file in the mod_evasive module for details on the various configuration parameters. We can configure fail2ban with mod security reading official guide :

Vim
1
http://www.fail2ban.org/wiki/index.php/HOWTO_fail2ban_with_ModSecurity2.5

When configuring fail2ban, you can test a failregex and ignoreregex patterns, against the mod_security logfile before activating the fail2ban mod_security filter:

Vim
1
2
fail2ban-regex /var/log/apache2/modsec_audit.log "FAIL_REGEX" "IGNORE_REGEX"
fail2ban-regex /var/log/apache2/modsec_audit.log "\[.*?\]\s[\w-]*\s<HOST>\s" "\[.*?\]\s[\w-]*\s<HOST>\s"

Sometimes, we need to un-ban an IP address, we can list of all current rules and check blocked IPs:

Vim
1
iptables -L -n

You can extract the IP address from this list :

Vim
1
iptables -L -n | grep DROP | sed 's/.*[^-]--\s\+\([0-9\.]\+\)\s\+.*$/\1/g'

We can pass it to perform the unbanning :

Vim
1
iptables -L -n | grep DROP | sed 's/.*[^-]--\s\+\([0-9\.]\+\)\s\+.*$/\1/g' | xargs -i{} iptables -D fail2ban-ModSec -s {} -j DROP

This Article Has Been Shared 288 Times!

Facebook Twitter Pinterest
Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Set Up mod_security And fail2ban To Create Anti-Spam Filter

  • Cloud Computing : Dedicated Cloud Hosting or Virtual Dedicated

    Cloud Computing gives us lot of flexible plans to choose from which includes Dedicated Cloud Hosting. Which is better and which has to be chosen when?

  • Cloud Computing Agility : The Converged Technologies

    Cloud Computing Agility is a characteristic feature of Cloud which allows to gain the speed in development and deployment of applications and Services.

  • Rackspace Cloud Versus Amazon : Head to Head Comparison

    Rackspace Cloud Versus Amazon or rather why you will go for Rackspace or Amazon for Private Cloud,Public Cloud,Storage, Network services or any managed service.

  • Adding Schema.org Structured Data in Genesis Theme

    Adding Schema.org Structured Data in Genesis Theme without using any plugin is quite easy as Genesis has great documentation and has excellent existing markups.

  • Red Hat OpenShift PaaS Out From Beta : Plans and Features

    Red Hat OpenShift PaaS is now officially out of their Beta. Obviously our favorite Free Tier of usage is remaining plus you can opt for official paid support.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (22.1K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • Why Data Management is so Important in a Business July 6, 2022
  • Application Modernization : Cloud Can Take Your Applications to the Next Level July 5, 2022
  • Ways To Make Sure Your Online Course Outshine Others July 3, 2022
  • Will Smart Factories Become the New Assembly Line? July 2, 2022
  • The Cost of Doing Business as a Handyman July 1, 2022

About This Article

Cite this article as: Abhishek Ghosh, "Set Up mod_security And fail2ban To Create Anti-Spam Filter," in The Customize Windows, November 25, 2018, July 7, 2022, https://thecustomizewindows.com/2018/11/set-up-mod_security-and-fail2ban-to-create-anti-spam-filter/.

Source:The Customize Windows, JiMA.in

This website uses cookies. If you do not want to allow us to use cookies and/or non-personalized Ads, kindly clear browser cookies after closing this webpage.

Read Privacy Policy.

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2022 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy