taylorjoshu00@xxxxxxxxxxxxxx wrote:
> I'm sure you can set fail2ban to look for errors in the apache log, would that
> help?
>
> ------Original Message------
> From: Dan Dart
> Sender: list-bounces@xxxxxxxxxxxxx
> To: list@xxxxxxxxxxxxx
> ReplyTo: list@xxxxxxxxxxxxx
> Subject: Re: [LUG] iptables and hackers
> Sent: 30 Aug 2011 19:56
>
> Fail2ban by default works on SSHD and does a good job at it.
> Maybe there's a script/IDS0 somewhere that says... Too many 404/500s
> for dodgy URLs? Block!"

I have my Fail2ban on a hair-trigger :-)

(watch out for re-wrapped text in the following)

/etc/fail2ban/jail.local

[DEFAULT]
destemail = fit@localhost
action = %(action_mwl)s

[apache-noscript]
enabled = true
maxretry = 1

/etc/fail2ban/filter.d/apache-noscript.conf

# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
# $Revision: 658 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*/(cgi-bin|admin|Admin|sql|mail|phpmyadmin|file:|php|pma|web|PMA|PMA2006\
|pma2006|sqlmanager|mysqlmanager|PMA2005|phpmyadmin-old|phpmyadminold|pma2005\
|phpmanager|mysql|myadmin|webadmin|sqlweb|websql|webdb|mysqladmin|mysql-admin\
|phpmyadmin2|phpMyAdmin2|phpMyAdmin-2|php-my-admin|cms|clan|site|seite|page|forum\
|wbb2|board|wbb|archive|forumv2|forumv1|b0ard|f0rum|wbb1|wbb3|wbblite|directforum\
|board23|board2|board3|WBB|WBB2|html|phpkit|page|phpkit_1.6.1|clan|myadmin|webadmin\
|sqlweb|websql|webdb|mysqladmin|mysql-admin|phpmyadmin2|php-my-admin|phpMyAdmin-2.2.3\
|phpMyAdmin-2.2.6|phpMyAdmin-2.5.1|phpMyAdmin-2.5.4|phpMyAdmin-2.5.6|phpMyAdmin-2.6.0\
|phpMyAdmin-2.6.0-pl1|phpMyAdmin-2.6.2-rc1|phpMyAdmin-2.6.3|phpMyAdmin-2.6.3-pl1\
|phpMyAdmin-2.6.3-rc1|padmin|datenbank|database|horde|horde2|horde3|horde-3.0.9|Horde\
|README|horde-3.0.9|adserver|phpAdsNew|phpadsnew|phpads|Ads|ads|xmlrpc|xmlsrv|blog|drupal\
|community|blogs|blogtest|appserver|roundcube|rc|mail|mail2|roundcubemail|rms|webmail2\
|webmail|wm|bin|roundcubemail-0.1|roundcubemail-0.2|roundcube-0.1|roundcube-0.2|roun\
|cube|wp-login.php|ucp.php|main.php|thisdoesnotexistahaha.php|\.asp|\.dll|\.exe|\.pl)

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

best regards
Dave

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
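Added example (not part of the original message or of fail2ban itself): a dry run of the filter above with Python's re module, showing which clients maxretry = 1 would ban and that the unanchored alternation also fires on ordinary 404s whose filesystem path merely starts a component with a listed name. Assumptions: PROBE_NAMES is a shortened subset of the posted list, hosts_to_ban is a hypothetical helper, the log lines are constructed, and a host is banned once its matching lines reach maxretry.

```python
import re

# <HOST> alias exactly as documented in the filter's own comments.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"

# Assumption: shortened subset of the alternation in the posted failregex;
# the full list behaves the same way, it is only longer.
PROBE_NAMES = r"cgi-bin|admin|phpmyadmin|pma|web|html|page|wp-login.php"

# \[ and \] are equivalent to the [[] and []] bracket classes in the post.
FAILREGEX = (
    r"\[client <HOST>\] (File does not exist|script not found or unable to stat): "
    r".*/(" + PROBE_NAMES + ")"
).replace("<HOST>", HOST)

# Constructed Apache 2.2-style error_log lines (documentation IP ranges).
SAMPLE_LOG = """\
[Tue Aug 30 20:01:11 2011] [error] [client 192.0.2.10] File does not exist: /var/www/phpmyadmin
[Tue Aug 30 20:01:12 2011] [error] [client 192.0.2.10] script not found or unable to stat: /usr/lib/cgi-bin/test.cgi
[Tue Aug 30 20:02:40 2011] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico
[Tue Aug 30 20:03:05 2011] [error] [client 203.0.113.5] File does not exist: /var/www/webfonts/missing.woff
[Tue Aug 30 20:03:09 2011] [error] [client 203.0.113.9] File does not exist: /srv/www/html/robots.txt
"""


def hosts_to_ban(log_text, maxretry=1):
    """Return {host: matching_lines} for hosts that reach maxretry."""
    pattern = re.compile(FAILREGEX)
    hits = {}
    for line in log_text.splitlines():
        m = pattern.search(line)
        if m:
            host = m.group("host")
            hits[host] = hits.get(host, 0) + 1
    return {h: n for h, n in hits.items() if n >= maxretry}


if __name__ == "__main__":
    for host, n in sorted(hosts_to_ban(SAMPLE_LOG).items()):
        print(f"ban {host} after {n} matching line(s)")
    # 203.0.113.5 and 203.0.113.9 asked for ordinary missing files: "/web"
    # matched "webfonts" and "/html" matched a docroot path component.
```

On a server whose DocumentRoot contains a listed name such as html, every "File does not exist" line matches, so an ignoreregex or a trimmed list is worth testing against a real error log before enabling the jail.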