How To: Stop Apache DOS attacks with Fail2Ban

I had to install and configure fail2ban yesterday to stop some hacking attempts on my FTP server, and when I was looking through the fail2ban configs I saw that you could stop DOS (Denial of Service) attacks with it too. As this site’s been hit by the occasional DOS from people with an axe to grind and too much time on their hands, I thought I may as well set up a DOS mitigation strategy while I was at it. Here’s how:

  1. Install fail2ban through the method of your choice.
  2. Edit the file /etc/fail2ban/jail.local and add the following section:
    [http-get-dos]
    enabled = true
    port = http,https
    filter = http-get-dos
    logpath = /var/log/apache2/YOUR_WEB_SERVER_ACCESS_LOG
    # maxretry is how many GETs we can have in the findtime period before getting narky
    maxretry = 300
    # findtime is the time period in seconds in which we're counting "retries" (300 seconds = 5 mins)
    findtime = 300
    # bantime is how long we should drop incoming GET requests for a given IP for, in this case it's 5 minutes
    bantime = 300
    action = iptables[name=HTTP, port=http, protocol=tcp]
  3. Don’t forget to replace YOUR_WEB_SERVER_ACCESS_LOG with the actual access log for your webserver! Note: This doesn’t have to be an apache log, I just happen to be using apache.

  4. Now we need to create the filter file, so create the file /etc/fail2ban/filter.d/http-get-dos.conf and place the following contents in it:
    # Fail2Ban configuration file
    # Author:
    [Definition]
    # Option: failregex
    # Note: This regex will match any GET or POST entry in your logs, so basically all valid and not valid entries are a match.
    # You should set the maxretry and findtime carefully in the jail.local file in order to avoid false positives.
    failregex = ^<HOST> -.*"(GET|POST).*
    # Option: ignoreregex
    # Notes.: regex to ignore. If this regex matches, the line is ignored.
    # Values: TEXT
    ignoreregex =
  5. Now we just need to restart fail2ban for the new jail & filter to come into effect:
    /etc/init.d/fail2ban restart
  6. Or if your machine is on systemd, use:

    systemctl restart fail2ban

    Also on systemd, if you want fail2ban to start on boot (and the chances are that you do), run the additional:

    systemctl enable fail2ban

    With all that done your site should be pretty safe from casual DOS attacks, although you’d likely need more stringent maxretry and findtime settings to really help against Distributed DOS (DDOS) attacks.
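
Because the filter counts every GET and POST, including images and stylesheets, it is worth replaying a log against candidate maxretry and findtime values before enabling the jail. The following is an added example, not code from the original post or from fail2ban: it uses a simplified sliding-window model of the jail, and the function names, the constructed sample log with documentation IP addresses, and the asset-matching ignoreregex are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Stand-in for the filter's failregex: fail2ban expands <HOST> itself, so a
# capture group replaces it here, and the Apache timestamp is captured as well.
FAILREGEX = re.compile(r'^(?P<host>\S+) -.*\[(?P<ts>[^\]]+)\] "(?:GET|POST) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def would_ban(lines, maxretry=300, findtime=300, ignoreregex=None):
    """Return {host: time of first ban} under a simple sliding-window model."""
    ignore = re.compile(ignoreregex) if ignoreregex else None
    recent = defaultdict(deque)  # host -> match times still inside findtime
    bans = {}
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or (ignore and ignore.search(line)):
            continue  # not a GET/POST line, or excluded by ignoreregex
        ts = datetime.strptime(m["ts"], TS_FMT)
        win = recent[m["host"]]
        win.append(ts)
        while (ts - win[0]).total_seconds() > findtime:
            win.popleft()  # forget matches older than findtime
        if len(win) >= maxretry:
            bans.setdefault(m["host"], ts)
    return bans

def sample_log():
    """Constructed access-log lines, sorted by time (not real traffic)."""
    start = datetime.strptime("22/Jun/2013:05:30:00 +0000", TS_FMT)
    events = []
    # Flood: 5 requests per second for two minutes (600 requests).
    for i in range(600):
        events.append((start + timedelta(seconds=i // 5), "203.0.113.7", "/"))
    # Ordinary visitor: 4 page views a minute apart, each pulling 89 assets.
    for page in range(4):
        t = start + timedelta(seconds=60 * page)
        events.append((t, "198.51.100.20", f"/post/{page}"))
        events += [(t, "198.51.100.20", f"/static/img{n}.png") for n in range(89)]
    events.sort(key=lambda e: e[0])
    return ['{} - - [{}] "GET {} HTTP/1.1" 200 512'.format(ip, t.strftime(TS_FMT), p)
            for t, ip, p in events]

if __name__ == "__main__":
    log = sample_log()
    # Settings from the jail above: the flood and the asset-heavy visitor both trip it.
    print(would_ban(log))
    # Ignoring static assets leaves only the flood.
    print(would_ban(log, ignoreregex=r"\.(png|css|js) HTTP/"))
```
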


To check if fail2ban is seeing the logs, check out /var/log/fail2ban.log and you should see things like:

[http-get-dos] Found w.x.y.z

showing up as visitors view your site.

If you want to test if it’s really working, a nice way to do so is to use ab (Apache Benchmark – part of the apache2-utils package), like this:

ab -n 500 -c 10 http://your-web-site-dot-com/

This will kick off 500 page-loads in 10 concurrent connections against your site. When the ban kicks in the page-loads will stop (as incoming GET requests from your IP will be dropped), then when the bantime expires you’ll be able to access the site again. If you then take a look in your /var/log/fail2ban.log file you should see something like this:

2013-06-22 05:37:21,943 fail2ban.actions: WARNING [http-get-dos] Ban YOUR_IP_ADDRESS
2013-06-22 05:42:22,341 fail2ban.actions: WARNING [http-get-dos] Unban YOUR_IP_ADDRESS

Pretty neat, huh?

Many thanks to the authors of the following great articles for helping me to get this set up in no-time:– on-webserver.html

Cheers! =D

How To: Block FTP hacking attempts using Fail2Ban

I noticed that my FTP server was getting hit up with huge streams of access attempts, which just won’t do. Thankfully, it’s really easy to block these access attempts using the awesome fail2ban script.

  1. First, install fail2ban either manually or if it’s in your repos use:
    apt-get install fail2ban
  2. Next, go to the relevant section of the file /etc/fail2ban/jail.conf for your FTP server (mine is proftpd) and enable jailing by flipping the enabled flag to true:
    [proftpd]
    enabled = true
    port = ftp,ftp-data,ftps,ftps-data
    filter = proftpd
    logpath = /var/log/proftpd/proftpd.log
    maxretry = 5
    bantime = 3600
  3. Set your retries and bantime as you see fit, and make sure the log file path is correct (i.e. that it’s actually the log you want to monitor!)

  4. Restart fail2ban with a swift:
    /etc/init.d/fail2ban restart
  5. If your FTP server is controlled via inetd/xinetd you don’t need to restart the FTP server as it’s started when required. If your FTP server is standalone then it probably won’t hurt to restart the service manually through /etc/init.d/[your-ftp-server-management-script-here]

That should be pretty much it. If there are still access attempts going on they’ll be banned from connecting for the bantime you defined, and you’ll be able to see ban details in /var/log/fail2ban.log.

Many, many thanks to the excellent Block FTP Hacking tutorial on The Art of Web – fantastic stuff =D

How To: Hack/SoftMod Your Wii To Run Pretty Much Anything

Post last updated: 19th of August 2011, but before that it was February 2010. If the screenshots don’t exactly match up (i.e. says to install WAD Manager v1.5 mod3, screenshots have v1.4 etc) – don’t panic, I’ve just updated the article but not the screenshots. Also, I’ve added a mention of using LetterBomb instead of BannerBomb, but I don’t have step by step directions for it – google is your friend.

Anything? Well, how about homebrew (user created apps/games), downloaded games (i.e. wad files) and downloaded ISOs? Sounds good? Read on!

You will need:
– A Wii (hopefully with firmware 3.XE or 3.XU, where X is 1, 2 or 3)
– A Wii-mote
– A Gamecube controller (if you’re hacking a new [2008 and onwards] Wii and want to back up the system memory)
– A SD card [NOT a SDHC card, as you need 4.0 firmware or higher to use those]. The SD card must be formatted in FAT format and at least 1GB in size.
– An internet connection your Wii can use
– An hour or two to get it all sorted

You will NOT need:
– A copy of Zelda: Twilight Princess

Optionally can be used to control BootMii option selection & fix a bricked Wii:
– A Gamecube controller

Please Note: I’ve put together ALL the files I used to hack the Wii as a single zip which you can find here – please read the included readme.txt for usage instructions. Also, as this post ages there might be newer versions of files, so you might want to get each bit yourself to have the latest versions. The Wii hacking files have been updated on 10th January 2010 to include latest revisions of cIOS installers + apps (WadManager v1.5 mod 3, Hermes CIOS 222 v4, Trucha Bug Restorer v1.1, USB Loader GX r815, BootMii 0.60 beta, Preloader 0.30 etc).

Also, instead of just following this guide step by step as you go along, I’d -STRONGLY- recommend reading through the entire thing so you’re pre-warned about bits and pieces and -THEN- going through it step by step, looking ahead occasionally so you’ve got the right files on your SD card for the step, and maybe the step ahead.

FINAL WARNING(S): In the highly unlikely event that you brick your Wii – it’s not my fault. Also, never remove a SD card from a powered on Wii – it can (and will) corrupt the partition on the card and you’ll need to reformat it (not quick-format). If your SD card suddenly becomes read-only and you haven’t accidentally slid the lock/unlock slider to lock – this is exactly what you’ve done.

With that out of the way – let’s get this show on the road! =D

Step 1 – Get a suitable exploit

Go to and get the BannerBomb hack. Get the first file (, extract it, and move the folder named private to the root of your SD card.

Update: If you have a recent Wii with stock firmware of 4.3 or later then you need to use the LetterBomb exploiter, and not BannerBomb. Substitute as appropriate for the rest of the article.

Step 2 – Get a boot agent

Go to and download HackMii Beta 2. Extract it, rename the “Installer.elf” file to “boot.elf” and place it in the root of your SD card.

Step 3 – Prime your Wii

Make sure your Wii is able to connect to the Internet, turn the Wii off, insert the SD card, then boot up the Wii.

Step 4 – Prep the exploit

Go to the Wii button (bottom left at the system menu), then Data Management | Channels | SD Card. A box will pop up saying Load boot.dol/boot.elf – click [Yes]


Step 5 – Run the exploit

Update: If you’re using LetterBomb instead of BannerBomb, use your own common sense with the following instructions.

Press the 1 button to install the BannerBomb exploit. If your Wii freezes with a black and white memory dump, or just plain freezes for a couple of minutes at this point you need to go get the next recommended version of the BannerBomb exploit in the list provided in step 1, replace the private folder on your SD card with the one extracted from the different BannerBomb exploit zip (, and try again from Step 4. If this doesn’t work either, pick the next BannerBomb exploit zip and wash/rinse/repeat.


Step 6 – Install useful software

Once HackMii is running, it will offer you the opportunity to install The Homebrew Channel, DVDX and BootMii – install them all! Note: When you install BootMii, I’d recommend installing it as boot2 instead of an IOS file – it just means that it’ll be available should you somehow manage (however unlikely) to mess up your Wii, and you’ll be able to recover things to a clean state.

Updated Note: Newer Wiis (2008 and newer) come configured so that you cannot install HackMii as boot2 – you have to install as IOS. Don’t worry though, we can still back up your system memory, and later, get preloader installed for recovery (should we ever need it) after we’ve restored the Trucha Bug. From the site:

What does “The installed boot1 version prevents a boot2 install” mean? Are you going to fix it?
No, it can’t be fixed. Installing as boot2 is the most useful way to install BootMii, but it requires that we exploit a particularly silly bug in a part of the system that can not be changed under any circumstances. Nintendo finally fixed this bug in new Wiis that were released sometime in 2008. We have looked for a suitable replacement for this exploit, but have not found one, and it does not seem likely that anyone ever will.



Step 7 – Backup your original (stock) system

Now you have BootMii installed, restart your Wii and you’ll be greeted with the BootMii screen with 4 icons – at this point you can either use a Gamecube controller to navigate, or use the Power button to move to the next selection, then the Reset button to select an option. Navigate until the far right Settings icon is selected, then push the A button on Gamecube controller (or the Reset button on the Wii) and you’ll see options depicting writing from a chip (on left) and writing to a chip (2nd from left) – pick the left one to back up the system memory of your Wii so you’ve got it available in case something wonky happens w/ your Wii. It’ll take about 10-15 mins to back up the system memory to a file called nand.bin on your SD card. Once this is done, go back to the top BootMii menu and load the System Menu as normal – you’ll see the Homebrew channel there with lovely bubbles for you to pop. Hurray! =D

Updated Note: When hacking a new Wii where BootMii had to be installed as an IOS instead of boot2, I wasn’t able to use the buttons on the Wii to navigate the BootMii menu to backup the system memory, instead I had to use a Gamecube controller, which worked fine. You should be able to use the Power button to change selections, then the Reset button to actually select your option, on one Wii I hacked this didn’t seem to work so I just used a Gamecube controller, but it could have been I’d just forgotten you need to hit the Power button to change selections, as it’s a pretty un-intuitive thing to do…






Step 7.5 – Re-introduce exploits

Newer Wiis come with the Trucha bug (i.e. fakesign) fixed – but we need it to softmod our Wii properly, so we’re going to have to re-introduce the bug by installing older IOS files using Trucha Bug Restorer. Grab yourself a copy, place it in a folder in your “apps” folder on your SD card with the .dol file renamed to boot.dol, watch this video on how to use it, and follow along until you’ve successfully restored the Trucha bug, so you can install custom firmware in step 8 below.

Updated Note: When I used Trucha Bug Restorer, after downgrading IOS 15 as shown in the video the Wii wouldn’t connect to the network to download the older version of IOS 36 to patch, so I ended up using NUS Downloader to get a copy of IOS36-64-v3351.wad which I placed on the root of my SD card and then pointed TBR at that instead of using the network connection, it then updated fine and I restored IOS 15 via network connection as per the video instructions.

Step 8 – Install custom IOS’

Get and run Waninkoko’s cIOS 38 Rev 17 Installer as an app (i.e. create a folder on SD card called “apps”, inside this create a folder like “cIOS38-Installer”), place the file in this folder and rename it to boot.dol. Run the installer through the Homebrew Channel and it’ll install and patch a bunch of IOS files, including IOS 249 which is needed to run loads of stuff.

Updated Note: If you get error = -2011 during the install process of this, you need to go back to step 7.5 above and make sure the version of IOS 36 installed is the hacked cIOS version with the Trucha bug.


Step 9 – Update the firmware

Now we’re going to update the firmware to a custom version of 4.0 that leaves the trucha (fakesign) exploit open for us (in my experience you HAVE to install 4.0 before 4.1 otherwise you’ll get a ret = -1036 error if you try to go directly to 4.1), so, grab Waninkoko’s Firmware 4.0 Updater, rename the extracted file to boot.dol, create a folder for it in the apps folder on your SD card and run the app through the Homebrew Channel.


You’ll know you’re on the 4.0 firmware not only because it’ll say so on the first page of the Wii Settings channel, but because you’ll have a SD icon in the System Menu as shown below…


Step 10 – Update the firmware

We’re getting there… Do just like Step 9 but with Waninkoko’s 4.1 Firmware Updater.


Step 11 – Add some useful channels

Okay – we now have the latest custom 4.1 firmware and the Homebrew Channel, but we need a couple of more bits and pieces to get us to the finish line. For this you need some knowledge: Wii virtual console games (that is, SNES games, Genesis games, etc.) come as .WAD files, which need to be installed to the Wii system memory or NAND emulated system memory to play. For this, we use a program called Wad Manager – so we’re going to install a custom version of Wad Manager that comes as a channel and has other nice goodies like directory support. To install this wad manager, we need a wad manager! So to get a copy of WAD Manager 1.5 mod3 as an application AND as a channel, head on over to here. Extract the rar file, and place the .dol on your SD card in the apps folder in its own folder (making sure the .dol file is renamed to boot.dol) and run it through the Homebrew Channel, -NOW- from the WAD manager we’re running as an app, install the WAD Manager 1.5 mod3 channel



Step 12 – Add a disc launcher

To run ISOs downloaded from t’internets, you need a backup launcher. Install Backup Launcher 0.3 gamma with #002 fix from (link now broken & removed) – then, when that’s installed as a channel (through the WAD Manager channel we installed in Step 11 above) you’ll be able to insert the burnt ISO DVDs and launch ’em through the Backup Launcher channel.

Step 13 – Add a hard-drive launcher

[OPTIONAL] If you want to run games from a hard-drive, you’ll want to get a copy of USB Loader GX – find a version that installs as a channel (i.e. a wad not an app) and install this if you want. I’m not going to go into too much WBFS (Wii Backup File System) stuff here – the easiest way is to just get a compatible USB hard-drive, plug it into the leftmost of the two USB sockets on the back of the Wii (leftmost when you’re looking at the front of the Wii), let USB Loader GX Format it for you, then you’re good to go.

Updated Note: If you plan on using a USB hard drive with your Wii, which really is the way to go, make two primary partitions – one FAT32 partition for Wads/NAND Emulation (have a look at my article on it here if you’re interested) and one for your ripped Wii ISOs (format doesn’t matter – USB Loader GX will reformat it anyway). My setup, on a 320GB drive is 20GB for Wads/NAND, 280GB-ish for ISOs.

Another updated note: USB Launcher is functional, but WiiFlow is downright sexy – google it!

Step 14 – Final tweaks

Almost done! At the moment, it’s possible that each time the Wii boots, BootMii will come up and we have to press the Reset button on the Wii to go to the system menu – although to be fair I haven’t seen this behaviour on anything but the first Wii I modded. If this occurs you can just rename the “bootmii” folder on the root of your SD card to something like “GET-RID-OF-THESE-CAPS-TO-ENABLEbootmii”. Now, get a copy of preloader 0.30 final (it’s an app, not a wad) – make a folder for it in the apps folder of your SD card, copy it in again making sure the .dol file is called boot.dol (starting to see a pattern?). Before you install the app, you might want to get a copy of the 4.1 version of hacks.ini from here and place it in the root of your SD card. Launch the preloader 0.30 app through the Homebrew Channel and install. In Preloader, navigate to System Hacks and feel free to change some options (disable background music, disable standby mode, region-free everything etc.).

You can choose to boot the Wii to preloader, or straight to the System Menu (which I prefer) – if you ever want to get Preloader back up to change any settings, recover the Wii or what-not, just turn the Wii off, then turn it back on and hold down the RESET button while it’s booting – voila! Preloader is there for you to launch things, go straight to the Homebrew Chan, change system hacks etc.

Updated Note: Preloader 0.30 is the newest version as of the 8th December 2009 – the screenshots below are from when I installed Preloader 0.29 – it’s gonna be pretty much the same thing if you’re installing newer. When you use the systemhacks in preloader, make sure that you set the Block Disc Updates and Block Online Updates to enabled so you keep your custom firmware if you insert an original disc of a game with a newer firmware version than you’re currently running! However, if you want to play your original Beatles: Rock Band or some of the other, newer rhythm-music games you’ll need to do a little bit of extra patching, which I’ve written about here.




Step 15 – Make it easy to get apps

[OPTIONAL] Install the Homebrew Browser Channel, if you want…


Step 16 – EnJoY!

That’s it! Sit back! Relax! Install and launch wads! Play backup games! (through Backup Launcher, not the standard Disc Channel). Have a beer!

Final Wrap-Up Notes:

–  You might want to edit bootmii.ini in the bootmii folder on your SD card, where you can change the autoboot setting to system menu, and change the delay in seconds (0 if you don’t want to see bootmii at all).

– Once you’ve got custom firmware on your Wii, DO NOT install stock Nintendo firmware. If you buy a new game which needs newer firmware, use the preloader “skip disc update check” option to avoid having to install any updates to play or rip the disc and run WiiScrubber on it to remove the firmware.

– If you decide to play imports FOR THE LOVE OF BOD do NOT install Japanese firmware on a non-Japanese Wii – it will brick your Wii. No, really. With any luck you could get BootMii going and restore your nand.bin to get the system back, but don’t tempt fate.

Anyways, Happy Wii-Modding!, and if you have any problems or questions, feel free to sling ’em in the comments below and I’ll have a gander.