[CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

Always Learning centos at u61.u22.net
Wed Aug 31 15:22:01 UTC 2011


On Wed, 2011-08-31 at 11:16 -0400, m.roth at 5-cent.us wrote:

> Maybe not, for a small website. However, let me re-suggest fail2ban, with
> three lines from one of our config files:
> failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*
>          ^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*
>          ^<HOST> -.*"GET /w00tw00t\.at

Mark,

Looking at your example, it seems to suggest Fail2Ban is an 'after the
event' response. I would like to implement 'before the event' filtering
which prevents, even on the first detected hacking attempt, anything
reaching HTTPD.

Paul.
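
Added example, not part of the original posts and not fail2ban's own code: the three quoted patterns replayed over constructed access-log lines, showing at which logged request a ban threshold would be reached. The IPv4-only substitute for `<HOST>`, the `maxretry` value of 3, the function names and the log lines are all assumptions.

```python
import re
from collections import Counter

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The three failregex patterns quoted in the post (wrapped line rejoined).
FAILREGEX = [
    r'<HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*',
    r'^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*',
    r'^<HOST> -.*"GET /w00tw00t\.at',
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Aug/2011:15:01:02 +0000] "GET /phpmyadmin/main.php HTTP/1.1" 404 290',
    '198.51.100.20 - - [31/Aug/2011:15:01:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.7 - - [31/Aug/2011:15:01:04 +0000] "GET /pma/config/config.inc.php HTTP/1.1" 404 290',
    '198.51.100.20 - - [31/Aug/2011:15:01:05 +0000] "GET /admin/main.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [31/Aug/2011:15:01:06 +0000] "GET /w00tw00t.at.constructed HTTP/1.1" 400 226',
    '203.0.113.7 - - [31/Aug/2011:15:01:07 +0000] "GET /db/main.php HTTP/1.1" 404 290',
]

def match_host(line):
    """Return the client address if any pattern matches the line, else None."""
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def hosts_to_ban(lines, maxretry=3):  # maxretry=3 is an assumed threshold
    """Replay lines; return (host, line_no) where each host reaches maxretry."""
    hits = Counter()
    banned = []
    for line_no, line in enumerate(lines, 1):
        host = match_host(line)
        if host is None:
            continue
        hits[host] += 1
        if hits[host] == maxretry:
            banned.append((host, line_no))
    return banned

if __name__ == "__main__":
    for host, line_no in hosts_to_ban(SAMPLE_LOG):
        print(f"{host}: ban triggered by log line {line_no}")
```

On the constructed log the threshold is reached at line 5, so the matching requests on lines 1, 3 and 5 had already been answered and logged by httpd before any ban could apply.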




