[CentOS] fail2ban and httpd

Tue Feb 28 08:54:16 UTC 2012
Andreas Reschke <Andreas.Reschke at behrgroup.com>

Hello,
I've secured all my services (postfix, dovecot, sasl, ...) with fail2ban,
but only httpd doesn't work.

404 Not Found
       //%0D/scripts/setup.php: 2 Time(s)
       //3rdparty/phpMyAdmin/scripts/setup.php: 1 Time(s)
       //81/phpmyadmin/scripts/setup.php: 1 Time(s)
       //Admin/: 1 Time(s)
       //Admin/scripts/setup.php: 1 Time(s)
       //MyAdmin/: 1 Time(s)
       //MyAdmin/scripts/setup.php: 1 Time(s)
       //MySQLAdmin/scripts/setup.php: 1 Time(s)
       //PHPMYADMIN/scripts/setup.php: 2 Time(s)
       //PMA/: 1 Time(s)
       //PMA/scripts/setup.php: 2 Time(s)
       //PMA2/scripts/setup.php: 1 Time(s)
       //PMA2009/scripts/setup.php: 2 Time(s)
       //PMA3/scripts/setup.php: 2 Time(s)
       //SQL/scripts/setup.php: 2 Time(s)
       //SSLMySQLAdmin/scripts/setup.php: 1 Time(s)
       //_PHPMYADMIN/scripts/setup.php: 2 Time(s)
       //_admin/scripts/setup.php: 1 Time(s)
       //_pHpMyAdMiN/scripts/setup.php: 2 Time(s)
       //_phpMyAdmin/scripts/setup.php: 1 Time(s)
       //_phpmyadmin/scripts/setup.php: 1 Time(s)
       //admin/: 1 Time(s)
       //admin/mysql/scripts/setup.php: 2 Time(s)

My /etc/fail2ban/filter.d/apache.conf:

failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl)

Test:
[root@web ~]# fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache.conf
/usr/share/fail2ban/server/filter.py:430: DeprecationWarning: the md5 module is deprecated; use hashlib instead
  import md5

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/apache.conf
Use log file   : /var/log/httpd/error_log


Results
=======

Failregex
|- Regular expressions:
|  [1] [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*(\.php|\.asp|\.exe|\.pl)
|
`- Number of matches:
   [1] 0 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Sorry, no match

How can I stop such tests?

 
Regards,
Andreas Reschke
________________________________________________________________

Unix/Linux-Administration
Andreas.Reschke at behrgroup.com
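
An added example, not part of the original post and not fail2ban's own code: a small Python harness that applies the posted failregex to constructed log lines, to show which line shapes the pattern can and cannot match. The `<HOST>` stand-in, the helper names and every sample line are assumptions made for illustration.

```python
import re
import warnings

# failregex copied from the post, with the e-mail line wrap removed.
FAILREGEX = (r"[[]client <HOST>[]] (File does not exist|script not found or "
             r"unable to stat): .*(\.php|\.asp|\.exe|\.pl)")

# Assumption: simplified stand-in for fail2ban's <HOST> tag; fail2ban's own
# expansion differs, this one only captures an IPv4 address or a hostname.
HOST_STANDIN = r"(?P<host>[\w\-.]+)"

# Constructed sample lines (documentation addresses, not real log data).
SAMPLE_LINES = [
    # error_log style, path ends in one of the listed extensions
    "[Tue Feb 28 08:50:01 2012] [error] [client 192.0.2.10] "
    "File does not exist: /var/www/html/scripts/setup.php",
    # error_log style, path has no listed extension
    "[Tue Feb 28 08:50:02 2012] [error] [client 192.0.2.10] "
    "File does not exist: /var/www/html/PMA",
    # error_log style, CGI message with a .pl path
    "[Tue Feb 28 08:50:03 2012] [error] [client 198.51.100.7] "
    "script not found or unable to stat: /var/www/cgi-bin/test.pl",
    # access_log style 404 entry: no "[client ...]" prefix at all
    '192.0.2.10 - - [28/Feb/2012:08:50:04 +0000] '
    '"GET //PMA/scripts/setup.php HTTP/1.1" 404 291',
]

def compile_failregex(failregex):
    """Substitute the <HOST> stand-in and compile the pattern."""
    with warnings.catch_warnings():
        # "[[]" is valid but makes Python 3 emit a FutureWarning on compile.
        warnings.simplefilter("ignore", FutureWarning)
        return re.compile(failregex.replace("<HOST>", HOST_STANDIN))

def scan(lines, failregex=FAILREGEX):
    """Return (host, line) for every line the failregex matches."""
    rx = compile_failregex(failregex)
    return [(m.group("host"), line)
            for line in lines
            for m in [rx.search(line)] if m]

if __name__ == "__main__":
    matched = {line for _, line in scan(SAMPLE_LINES)}
    for line in SAMPLE_LINES:
        print("MATCH   " if line in matched else "no match", line)
```

fail2ban-regex, as run in the post, remains the check to use against the real log file; this harness only makes the pattern's behaviour on individual line shapes visible.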