Hello everyone,
I have secured all my services (postfix, dovecot, sasl, etc.) with fail2ban; the only thing I cannot get under control are the following "errors":
    404 Not Found
    //%0D/scripts/setup.php: 2 Time(s)
    //3rdparty/phpMyAdmin/scripts/setup.php: 1 Time(s)
    //81/phpmyadmin/scripts/setup.php: 1 Time(s)
    //Admin/: 1 Time(s)
    //Admin/scripts/setup.php: 1 Time(s)
    //MyAdmin/: 1 Time(s)
    //MyAdmin/scripts/setup.php: 1 Time(s)
    //MySQLAdmin/scripts/setup.php: 1 Time(s)
    //PHPMYADMIN/scripts/setup.php: 2 Time(s)
    //PMA/: 1 Time(s)
    //PMA/scripts/setup.php: 2 Time(s)
    //PMA2/scripts/setup.php: 1 Time(s)
    //PMA2009/scripts/setup.php: 2 Time(s)
    //PMA3/scripts/setup.php: 2 Time(s)
    //SQL/scripts/setup.php: 2 Time(s)
    //SSLMySQLAdmin/scripts/setup.php: 1 Time(s)
    //_PHPMYADMIN/scripts/setup.php: 2 Time(s)
    //_admin/scripts/setup.php: 1 Time(s)
    //_pHpMyAdMiN/scripts/setup.php: 2 Time(s)
    //_phpMyAdmin/scripts/setup.php: 1 Time(s)
    //_phpmyadmin/scripts/setup.php: 1 Time(s)
    //admin/: 1 Time(s)
    //admin/mysql/scripts/setup.php: 2 Time(s)
I have the following entry in /etc/fail2ban/filter.d/apache.conf:
failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*(.php|.asp|.exe|.pl)
And the check:

    [root@web ~]# fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache.conf
    /usr/share/fail2ban/server/filter.py:430: DeprecationWarning: the md5 module is deprecated; use hashlib instead
      import md5

    Running tests
    =============

    Use regex file : /etc/fail2ban/filter.d/apache.conf
    Use log file : /var/log/httpd/error_log

    Results
    =======

    Failregex
    |- Regular expressions:
    |  [1] [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*(.php|.asp|.exe|.pl)
    |
    `- Number of matches:
       [1] 0 match(es)

    Ignoreregex
    |- Regular expressions:
    |
    `- Number of matches:

    Summary
    =======

    Sorry, no match
How can I still stop such request attempts with fail2ban?
Regards, Andreas
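
An offline check of which log line shapes a failregex matches, as an added example that is not part of the original post or of fail2ban itself. It assumes a simplified IPv4-only stand-in for the `<HOST>` tag, a hypothetical `ACCESS_404` pattern for access_log lines, and constructed sample lines whose exact format depends on the Apache version and LogFormat in use.

```python
import re
import warnings
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex exactly as posted (written for error_log lines).
POSTED = (r"[[]client <HOST>[]] (File does not exist|script not found or "
          r"unable to stat): .*(.php|.asp|.exe|.pl)")

# Hypothetical pattern for access_log lines: a request answered with 404
# whose path ends in /scripts/setup.php.
ACCESS_404 = (r'^<HOST> \S+ \S+ \[[^\]]+\] "[A-Z]+ \S*/scripts/setup\.php '
              r'HTTP/[0-9.]+" 404 ')

# Constructed sample lines (documentation addresses, not taken from the post).
ERROR_LOG = [
    "[Sun Mar 07 04:12:01 2010] [error] [client 192.0.2.10] File does not exist: /var/www/html/PMA/scripts/setup.php",
    "[Sun Mar 07 04:12:02 2010] [error] [client 192.0.2.10] File does not exist: /var/www/html/admin",
]
ACCESS_LOG = [
    '192.0.2.10 - - [07/Mar/2010:04:12:01 +0100] "GET //PMA/scripts/setup.php HTTP/1.1" 404 290',
    '192.0.2.10 - - [07/Mar/2010:04:12:02 +0100] "GET //admin/scripts/setup.php HTTP/1.1" 404 292',
    '192.0.2.10 - - [07/Mar/2010:04:12:03 +0100] "GET //PMA2009/scripts/setup.php HTTP/1.1" 404 294',
    '198.51.100.7 - - [07/Mar/2010:04:13:00 +0100] "GET /index.html HTTP/1.1" 200 1024',
]

def hits_per_host(failregex, lines):
    """Count matching lines per client address, as a jail's counter would."""
    with warnings.catch_warnings():
        # "[[]" makes newer Python versions emit a nested-set FutureWarning.
        warnings.simplefilter("ignore", FutureWarning)
        rx = re.compile(failregex.replace("<HOST>", HOST))
    return Counter(m.group("host") for m in map(rx.search, lines) if m)

def would_ban(failregex, lines, maxretry=3):
    """Addresses with at least maxretry matching lines."""
    counts = hits_per_host(failregex, lines)
    return sorted(host for host, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for name, lines in (("error_log", ERROR_LOG), ("access_log", ACCESS_LOG)):
        print(name, "posted:", dict(hits_per_host(POSTED, lines)),
              "access_404:", dict(hits_per_host(ACCESS_404, lines)))
```

Replacing the constructed lists with lines copied from the real error_log and access_log shows which file, if any, carries lines a given pattern can match before the filter is loaded into a jail.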