FAIL2BAN
--------

This module (drupal-spam filter/jail) allows you to submit IP addresses to the firewall, to stop
them comment spamming your site. Also prevents bruteforce dictionary attacs (drupal-auth filter/jail). 

Fail2ban program monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and bans
failure-prone addresses by updating existing firewall rules. Ban times and other configurations are 
defined in jail.conf files. 

Filters specify which error messages need be taken care of. This module ships with two filters 
(drupal-auth.conf, drupal-drupal-spam.conf) that response to spam and log in attemps. 

REQUIREMENTS
------------

1. To make use of fail2ban you will need to install the fail2ban system utility.
For most distributions it is already packaged or can be found in repositories.  
See http://www.fail2ban.org/ for more info. 

2. Core module Syslog has to enabled.  


INSTALLATION
------------

1. Extract the module to sites/*/modules and enable it via the module admin
page.

2. In the contrib/ directory you will find the file jail.local.conf with configuration snippets
to add to your /etc/fail2ban/jail.local and filters to copy to /etc/fail2ban/filter.d . 
It is adviced to make all the configurations to jail.local instead of jail.conf so if 
you dont have /etc/fail2ban/jail.local file then create one. 

3. The filters are DISABLED BY DEFAULT in jail.local.conf so you need to enable the jails.
Set: "enabled = true" and restart fail2ban "/etc/init.d/fail2ban restart".

The system utility and this module are pre-configured with localhost
whitelisted. The module also automatically whitelists the IP address of the
administrator who enabled it on the site.


CONFIGURATION
-------------

* Browse to http://localhost/?q=admin/settings/fail2ban to change
fail2ban settings.

* You will see a new checkbox appear on the comments administration page 
http://localhost/?q=admin/content/comment .

* Code snippets are pre-configured to firewall banning any matching addresses for 1 week. 
Log in attemps are limited to 6 and then the IP banned for 1 hour (7200 seconds). Feel free
to change the configuration from jail.conf suitable for your needs. 

USE
--- 

When the checkbox on http://localhost/?q=admin/content/comment site is enabled 
and a comment is selected to be unpublished the user submitted to commend will 
be banned for the period set in your /etc/fail2ban/jail.local. 


UPGRADE PATH
------------

7.x-1.1 -> 7.x.1.2 
The PHP code has not been changed. Only new filter and code snipped to jail.local.conf
(formal jail.conf) has been made. Add these changes to your fail2ban conf files as 
advised in INSTALLATION above. 

TODO
----


AUTHORS
-------

Peter Lieverdink <me@cafuego.net>
Tipi Koivisto <tipi@koivisto.eu>


LICENCE
-------

http://www.gnu.org/licenses/gpl-2.0.html

