[CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

m.roth at 5-cent.us m.roth at 5-cent.us
Wed Aug 31 15:32:20 UTC 2011


Always Learning wrote:
>
> On Wed, 2011-08-31 at 11:16 -0400, m.roth at 5-cent.us wrote:
>
>> Maybe not, for a small website. However, let me re-suggest fail2ban, with
>> three lines from one of our config files:
>> failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*
>>          ^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*
>>          ^<HOST> -.*"GET /w00tw00t\.at
>
> Looking at your example seems to suggest Fail2Ban is an 'after the
> event' response. I would like to implement 'before the event' filtering
> which prevents, even on the first detected hacking attempt, anything
> reaching HTTPD.

It is an after the event: after 3? 5? (I forget the default, but that can
be configured), it adds a rule to iptables to ban that IP for a limited
time. That, too, can be changed; I haven't done it, but I'd be surprised
if you can't configure it to ban that IP permanently.

        mark
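
The "after the event" behaviour discussed in this message, as an added example that is not part of the original post and is not fail2ban's own code: the three quoted failregex lines are run over constructed access-log lines, and a host is listed for banning only once its matches reach a threshold. The `HOST` pattern, the `maxretry` value of 3, the sample log and the function names are assumptions; fail2ban's time window is not modelled.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only; an assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The three failregex lines quoted above, first line rejoined after e-mail wrapping.
FAILREGEX = [
    r'<HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*',
    r'^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*',
    r'^<HOST> -.*"GET /w00tw00t\.at',
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Constructed Apache-style access-log lines (documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.20 - - [31/Aug/2011:15:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.20 - - [31/Aug/2011:15:00:02 +0000] "GET /admin/main.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [31/Aug/2011:15:01:02 +0000] "GET /phpmyadmin/main.php HTTP/1.1" 404 289',
    '203.0.113.7 - - [31/Aug/2011:15:01:03 +0000] "GET /pma/config/config.inc.php HTTP/1.1" 404 289',
    '203.0.113.7 - - [31/Aug/2011:15:01:05 +0000] "GET /w00tw00t.at.example HTTP/1.1" 400 226',
    '192.0.2.44 - - [31/Aug/2011:15:02:10 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 289',
]


def failures(lines):
    """Count matching log lines per host; a line counts once even if several regexes match."""
    counts = Counter()
    for line in lines:
        for rx in COMPILED:
            m = rx.search(line)
            if m:
                counts[m.group("host")] += 1
                break
    return counts


def hosts_to_ban(lines, maxretry=3):
    """Hosts whose failure count has reached maxretry (hypothetical threshold)."""
    return sorted(h for h, n in failures(lines).items() if n >= maxretry)


if __name__ == "__main__":
    print("failures per host:", dict(failures(SAMPLE_LOG)))
    print("hosts to ban at maxretry=3:", hosts_to_ban(SAMPLE_LOG))
```

The host with a single 404 probe is counted but not listed, which is the point raised in the quoted reply: every request below the threshold has already been served by httpd before any iptables rule exists.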



