I swapped out web servers two weekends ago, when the old machine started showing some unacceptable behavior. Part of that swap involved switching from a CentOS-based Linux distribution to an Ubuntu-based distribution. There were some great learning moments involved in that. I also wanted to swap out a few programs that hadn’t worked as well as I had hoped.
One of the new packages I’m trying out is Fail2Ban, an Python-based application to review the logs and temporarily bans IP addresses based on the patterns of abuse. Similar applications like DenyHosts are well-rated, but DenyHosts specializes in ssh, which hadn’t been too much of a problem for me, and didn’t have a straight-forward configuration for ftp, which unfortunately I must offer. I had used a similar Perl-based application before, but it hadn’t supported a couple of a my applications, and appeared to introduce some instability in the system. Fail2Ban came with configurations for Apache 2 and vsftpd. In their wiki, there was a HOWTO for banning PHP-based file upload attacks, something which had begun to fill the logs with nonsense.
So, 48 hours in and things seem to be running well. The log files clearly show some applications being blocked, other applications seems to be running well, and performance and responsiveness of the site seems to be okay.