Re: [LUG] iptables and hackers

 

On Tue, 2011-08-30 at 21:19 +0100, Dave Morgan wrote:
> taylorjoshu00@xxxxxxxxxxxxxx wrote:
> > I'm sure you can set fail2ban to look for errors in the apache log, would that 
> > help? 
> > 
> > ------Original Message------
> > From: Dan Dart
> > Sender: list-bounces@xxxxxxxxxxxxx
> > To: list@xxxxxxxxxxxxx
> > ReplyTo: list@xxxxxxxxxxxxx
> > Subject: Re: [LUG] iptables and hackers
> > Sent: 30 Aug 2011 19:56
> > 
> > Fail2ban by default works on SSHD and does a good job at it.
> > Maybe there's a script/IDS somewhere that says... "Too many 404/500s
> > for dodgy URLs? Block!"
> > 
> 
> I have my Fail2ban on a hair-trigger :-)
> (watch out for re-wrapped text in the following)
> 
> /etc/fail2ban/jail.local
> [DEFAULT]
> destemail = fit@localhost
> action = %(action_mwl)s
> 
> [apache-noscript]
> 
> enabled = true
> maxretry = 1
> 
> /etc/fail2ban/filter.d/apache-noscript.conf
> # Fail2Ban configuration file
> #
> # Author: Cyril Jaquier
> #
> # $Revision: 658 $
> #
> 
> [Definition]
> 
> # Option:  failregex
> # Notes.:  regex to match the password failure messages in the logfile. The
> #          host must be matched by a group named "host". The tag "<HOST>" can
> #          be used for standard IP/hostname matching and is only an alias for
> #          (?:::f{4,6}:)?(?P<host>\S+)
> # Values:  TEXT
> #
> failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*/(cgi-bin|admin|Admin|sql|mail|phpmyadmin|file:|php|pma|web|PMA|PMA2006\
> |pma2006|sqlmanager|mysqlmanager|PMA2005|phpmyadmin-old|phpmyadminold|pma2005\
> |phpmanager|mysql|myadmin|webadmin|sqlweb|websql|webdb|mysqladmin|mysql-admin\
> |phpmyadmin2|phpMyAdmin2|phpMyAdmin-2|php-my-admin|cms|clan|site|seite|page|forum\
> |wbb2|board|wbb|archive|forumv2|forumv1|b0ard|f0rum|wbb1|wbb3|wbblite|directforum\
> |board23|board2|board3|WBB|WBB2|html|phpkit|page|phpkit_1.6.1|clan|myadmin|webadmin\
> |sqlweb|websql|webdb|mysqladmin|mysql-admin|phpmyadmin2|php-my-admin|phpMyAdmin-2.2.3\
> |phpMyAdmin-2.2.6|phpMyAdmin-2.5.1|phpMyAdmin-2.5.4|phpMyAdmin-2.5.6|phpMyAdmin-2.6.0\
> |phpMyAdmin-2.6.0-pl1|phpMyAdmin-2.6.2-rc1|phpMyAdmin-2.6.3|phpMyAdmin-2.6.3-pl1\
> |phpMyAdmin-2.6.3-rc1|padmin|datenbank|database|horde|horde2|horde3|horde-3.0.9|Horde\
> |README|horde-3.0.9|adserver|phpAdsNew|phpadsnew|phpads|Ads|ads|xmlrpc|xmlsrv|blog|drupal\
> |community|blogs|blogtest|appserver|roundcube|rc|mail|mail2|roundcubemail|rms|webmail2\
> |webmail|wm|bin|roundcubemail-0.1|roundcubemail-0.2|roundcube-0.1|roundcube-0.2|roun\
> |cube|wp-login.php|ucp.php|main.php|thisdoesnotexistahaha.php|\.asp|\.dll|\.exe|\.pl)
> 
> 
> # Option:  ignoreregex
> # Notes.:  regex to ignore. If this regex matches, the line is ignored.
> # Values:  TEXT
> #
> ignoreregex =
> 
> best regards
> Dave
Yes, this is what I hoped you could do.

-- 
Regards

Kevin Lucas
Minions Post Master(Sub) 
sip:kevin.lucas@xxxxxxxxx
www.minionsbandb.co.uk
www.tearooms.minionsbandb.co.uk
FaceBook Minions_shop
Po House, Minions,
Liskeard Cornwall 
PL14 5LE
01579363386


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
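
To see what the hair-trigger jail quoted above does in practice, the following sketch (an added example, not part of the original thread or of fail2ban itself) runs a shortened form of the posted failregex over constructed Apache error-log lines and lists the hosts that reach `maxretry`. It assumes the `<HOST>` expansion quoted in the filter's comments and ignores fail2ban's time window; the log lines, addresses and the `hosts_to_ban` helper are made up for illustration.

```python
import re

# <HOST> expands to the alias quoted in the filter's own comments.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"

# Shortened form of the posted failregex: a subset of its alternatives, with
# \[ and \] written in place of the equivalent [[] and []] character classes.
ALTERNATIVES = (r"cgi-bin|admin|phpmyadmin|php|pma|web|site|page|html|rc"
                r"|wp-login.php|\.asp|\.dll|\.exe|\.pl")
FAILREGEX = (r"\[client <HOST>\] (File does not exist|script not found or "
             r"unable to stat): .*/(" + ALTERNATIVES + ")").replace("<HOST>", HOST)

# Constructed Apache 2.2-style error log lines (documentation address ranges).
SAMPLE_LOG = """\
[Tue Aug 30 20:01:11 2011] [error] [client 203.0.113.7] File does not exist: /var/www/phpmyadmin
[Tue Aug 30 20:01:12 2011] [error] [client 203.0.113.7] script not found or unable to stat: /usr/lib/cgi-bin/test.pl
[Tue Aug 30 20:05:40 2011] [error] [client 198.51.100.23] File does not exist: /var/www/favicon.ico
[Tue Aug 30 20:07:02 2011] [error] [client 192.0.2.44] File does not exist: /var/www/pages/contact.html
[Tue Aug 30 20:09:30 2011] [error] [client 192.0.2.80] File does not exist: /var/www/html/robots.txt
"""

def hosts_to_ban(log_text, maxretry=1):
    """Return hosts with at least `maxretry` matching lines, in first-seen order."""
    pattern = re.compile(FAILREGEX)
    counts = {}
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            host = match.group("host")
            counts[host] = counts.get(host, 0) + 1
    return [host for host, hits in counts.items() if hits >= maxretry]

if __name__ == "__main__":
    for retry in (1, 2):
        print("maxretry =", retry, "->", hosts_to_ban(SAMPLE_LOG, retry))
```

With `maxretry = 1` the two visitors who only requested a missing file under `/pages/` or under a path containing `/html` are listed alongside the scanner, because each alternative matches as a prefix anywhere after a `/`. fail2ban's own `fail2ban-regex` tool performs the same kind of check against a real log and filter file.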