On Tue, 2011-08-30 at 21:19 +0100, Dave Morgan wrote:
> taylorjoshu00@xxxxxxxxxxxxxx wrote:
> > I'm sure you can set fail2ban to look for errors in the apache log, would that
> > help?
> >
> > ------Original Message------
> > From: Dan Dart
> > Sender: list-bounces@xxxxxxxxxxxxx
> > To: list@xxxxxxxxxxxxx
> > ReplyTo: list@xxxxxxxxxxxxx
> > Subject: Re: [LUG] iptables and hackers
> > Sent: 30 Aug 2011 19:56
> >
> > Fail2ban by default works on SSHD and does a good job at it.
> > Maybe there's a script/IDS0 somewhere that says... Too many 404/500s
> > for dodgy URLs? Block!"
> >
>
> I have my Fail2ban on a hair-trigger :-)
> (watch out for re-wrapped text in the following)
>
> /etc/fail2ban/jail.local
> [DEFAULT]
> destemail = fit@localhost
> action = %(action_mwl)s
>
> [apache-noscript]
>
> enabled = true
> maxretry = 1
>
> /etc/fail2ban/filter.d/apache-noscript.conf
> # Fail2Ban configuration file
> #
> # Author: Cyril Jaquier
> #
> # $Revision: 658 $
> #
>
> [Definition]
>
> # Option: failregex
> # Notes.: regex to match the password failure messages in the logfile. The
> # host must be matched by a group named "host". The tag "<HOST>" can
> # be used for standard IP/hostname matching and is only an alias for
> # (?:::f{4,6}:)?(?P<host>\S+)
> # Values: TEXT
> #
> failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*/(cgi-bin|admin|Admin|sql|mail|phpmyadmin|file:|php|pma|web|PMA|PMA2006\
> |pma2006|sqlmanager|mysqlmanager|PMA2005|phpmyadmin-old|phpmyadminold|pma2005\
> |phpmanager|mysql|myadmin|webadmin|sqlweb|websql|webdb|mysqladmin|mysql-admin\
> |phpmyadmin2|phpMyAdmin2|phpMyAdmin-2|php-my-admin|cms|clan|site|seite|page|forum\
> |wbb2|board|wbb|archive|forumv2|forumv1|b0ard|f0rum|wbb1|wbb3|wbblite|directforum\
> |board23|board2|board3|WBB|WBB2|html|phpkit|page|phpkit_1.6.1|clan|myadmin|webadmin\
> |sqlweb|websql|webdb|mysqladmin|mysql-admin|phpmyadmin2|php-my-admin|phpMyAdmin-2.2.3\
> |phpMyAdmin-2.2.6|phpMyAdmin-2.5.1|phpMyAdmin-2.5.4|phpMyAdmin-2.5.6|phpMyAdmin-2.6.0\
> |phpMyAdmin-2.6.0-pl1|phpMyAdmin-2.6.2-rc1|phpMyAdmin-2.6.3|phpMyAdmin-2.6.3-pl1\
> |phpMyAdmin-2.6.3-rc1|padmin|datenbank|database|horde|horde2|horde3|horde-3.0.9|Horde\
> |README|horde-3.0.9|adserver|phpAdsNew|phpadsnew|phpads|Ads|ads|xmlrpc|xmlsrv|blog|drupal\
> |community|blogs|blogtest|appserver|roundcube|rc|mail|mail2|roundcubemail|rms|webmail2\
> |webmail|wm|bin|roundcubemail-0.1|roundcubemail-0.2|roundcube-0.1|roundcube-0.2|roun\
> |cube|wp-login.php|ucp.php|main.php|thisdoesnotexistahaha.php|\.asp|\.dll|\.exe|\.pl)
>
>
> # Option: ignoreregex
> # Notes.: regex to ignore. If this regex matches, the line is ignored.
> # Values: TEXT
> #
> ignoreregex =
>
> best regards
> Dave
>
>
>

Yes this is what I hoped you could do
--
________________________________________________________________________
Regards
Kevin Lucas
Minions Post Master(Sub)
sip:kevin.lucas@xxxxxxxxx
www.minionsbandb.co.uk
www.tearooms.minionsbandb.co.uk
FaceBook Minions_shop
Po House, Minions, Liskeard
Cornwall PL14 5LE
01579363386

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
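
Added example, not part of the original thread: a dry run of the quoted apache-noscript failregex with maxretry = 1 over Apache error-log lines, to show which clients it would ban. The log lines are constructed, the token list is a shortened subset of the posted one, and the findtime window is ignored.

```python
import re
import warnings
from collections import Counter

# <HOST> expands to the alias quoted in the filter's own comments.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"
# Shortened subset of the posted alternation; every token appears in the original list.
TOKENS = r"cgi-bin|admin|phpmyadmin|pma|html|blog|wp-login.php|\.asp|\.exe"
FAILREGEX = (r"[[]client <HOST>[]] (File does not exist|script not found or "
             r"unable to stat): .*/(" + TOKENS + ")")

with warnings.catch_warnings():
    # Python warns about the "[[]" idiom (possible nested set); it still means a literal "[".
    warnings.simplefilter("ignore", FutureWarning)
    PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

# Constructed Apache 2.2-style error log lines (documentation IP ranges).
SAMPLE_LOG = """\
[Tue Aug 30 20:01:12 2011] [error] [client 203.0.113.7] File does not exist: /var/www/phpmyadmin
[Tue Aug 30 20:01:13 2011] [error] [client 203.0.113.7] script not found or unable to stat: /usr/lib/cgi-bin/test.pl
[Tue Aug 30 20:05:40 2011] [error] [client 198.51.100.20] File does not exist: /var/www/favicon.ico
[Tue Aug 30 20:07:02 2011] [error] [client 198.51.100.21] File does not exist: /var/www/blog/2010/old-post
[Tue Aug 30 20:09:55 2011] [error] [client 198.51.100.22] File does not exist: /var/www/html/favicon.ico
""".splitlines()


def failures(lines):
    """Count filter matches per client, as fail2ban would record them."""
    hits = Counter()
    for line in lines:
        m = PATTERN.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def banned(lines, maxretry=1):
    """Hosts reaching maxretry matches (findtime window ignored for brevity)."""
    return sorted(h for h, n in failures(lines).items() if n >= maxretry)


if __name__ == "__main__":
    print(banned(SAMPLE_LOG))              # maxretry = 1, as in the posted jail.local
    print(banned(SAMPLE_LOG, maxretry=2))
```

The path list is unanchored, so a single missing page under /blog/ or any 404 on a server whose document root contains /html/ counts as a failure. At maxretry = 1 those ordinary visitors are banned alongside the scanner, which ignoreregex entries for known-good paths or a higher maxretry would avoid.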