Hello, I've all my services (postfix, dovecot, sasl, ...) secure with fail2ban, but only httpd doesn't work

404 Not Found //%0D/scripts/setup.php: 2 Time(s) //3rdparty/phpMyAdmin/scripts/setup.php: 1 Time(s) //81/phpmyadmin/scripts/setup.php: 1 Time(s) //Admin/: 1 Time(s) //Admin/scripts/setup.php: 1 Time(s) //MyAdmin/: 1 Time(s) //MyAdmin/scripts/setup.php: 1 Time(s) //MySQLAdmin/scripts/setup.php: 1 Time(s) //PHPMYADMIN/scripts/setup.php: 2 Time(s) //PMA/: 1 Time(s) //PMA/scripts/setup.php: 2 Time(s) //PMA2/scripts/setup.php: 1 Time(s) //PMA2009/scripts/setup.php: 2 Time(s) //PMA3/scripts/setup.php: 2 Time(s) //SQL/scripts/setup.php: 2 Time(s) //SSLMySQLAdmin/scripts/setup.php: 1 Time(s) //_PHPMYADMIN/scripts/setup.php: 2 Time(s) //_admin/scripts/setup.php: 1 Time(s) //_pHpMyAdMiN/scripts/setup.php: 2 Time(s) //_phpMyAdmin/scripts/setup.php: 1 Time(s) //_phpmyadmin/scripts/setup.php: 1 Time(s) //admin/: 1 Time(s) //admin/mysql/scripts/setup.php: 2 Time(s)

My /etc/fail2ban/filter.d/apache.conf:

failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*(.php|.asp|.exe|.pl)

Test: [root@web ~]# fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache.conf /usr/share/fail2ban/server/filter.py:430: DeprecationWarning: the md5 module is deprecated; use hashlib instead import md5

Running tests =============

Use regex file : /etc/fail2ban/filter.d/apache.conf Use log file : /var/log/httpd/error_log

Results =======

Failregex |- Regular expressions: | [1] [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*(.php|.asp|.exe|.pl) | `- Number of matches: [1] 0 match(es)

Ignoreregex |- Regular expressions: | `- Number of matches:

Summary =======

Sorry, no match

How can I stop such tests?

Gruß Andreas Reschke ________________________________________________________________

Unix/Linux-Administration Andreas.Reschke@behrgroup.com