I maintain a few dozen different websites and recently discovered hundreds of suspicious web visits. It was obviously a bad actor; at best they were a competitor using a site scanner to check out our SEO. At worst, maybe an autobot scanning for open ports or other vulnerabilities, to hijack our site or worse.
Can fail2ban stop automated scanners on a shared hosting plan?
A quick Google search led me to this article describing how to implement fail2ban, but A2Hosting – our shared hosting provider – said that wasn’t possible without upgrading our web host. I can’t believe fail2ban is not already part of every web host, installed by default. It seems like it would stop a lot of the bad activity on the interwebs!
A2Hosting did suggest implementing Cloudflare to reduce and prevent malicious activity against my site. In the past I avoided Cloudflare. As an old Novell Netware CNE candidate, an infrastructure guy from before there was an internet like we know it today, I always avoid extra layers at all costs. I never noticed big issues in server performance, security scans, or weblogs before now, and didn’t want to add another intermediary between my sites and the end users. I was also under the wrong impression that Cloudflare was a subscription service. But it turns out Cloudflare’s basic service is absolutely FREE! In fact, Cloudflare is partnered with A2Hosting, and integrates seamlessly. Implementing Cloudflare basic when your site is hosted with A2Hosting is literally only the click of a button. And it was on.
Inspection of weblogs shows activity from bad actors seems to come from certain countries, as identified.
Once Cloudflare was on, I was able to better track activity. Cloudflare certainly reduced the suspicious activity, but it seemed there was still plenty unchecked. It all came from certain, specific countries. Let’s block them.
While A2Hosting allows blocking specific IP ranges, it doesn’t allow blocking certain countries. (I know there are varying opinions on the effectiveness and appropriateness of blocking entire countries, but our websites all market to specific local markets, not international clients. I think the ‘cost’ of blocking is well worth the extra safety.)
I blocked each country, one by one, in Cloudflare. As the inappropriate activity appeared, high-volume site scanning activity, I blocked each country. Cloudflare and A2Hosting have, at least for now, really reduced the bad actors, reduced bad resources.