LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 08-26-2010, 05:17 AM   #1
djsmiley2k
Member
 
Registered: Feb 2005
Location: Coventry, UK
Distribution: Home: Gentoo x86/amd64, Debian ppc. Work: Ubuntu, SuSe, CentOS
Posts: 343
Blog Entries: 1

Rep: Reputation: 72
fail2ban - not banning apache scanners


Hi all....

I've had fail2ban setup for awhile for my SSH server, and that works beautifully (I had someone I knew attempt to access it and get banned) however I then tried to set it up to ban people scanning my webserver for lots of other pages which dont exist (and have never been linked to) such as phpMyAdmin.

In my jail.conf I have:

Code:
[apache-iptables]

enabled  = true
filter   = apache-auth
action   = iptables[name=Apache, port=80, protocol=tcp]
           sendmail-whois[name=Apache, dest=tim@milkme.co.uk, sender=fail2ban@m$
logpath  = /var/log/apache*/*error_log
maxretry = 6
However Looking at this I realise I need to edit the filter.d/apache-error.conf

I'm not sure exactly how to setup the regex to ban the correct hosts

The errors from the scanners are like this:

Code:
[Wed Aug 25 20:25:55 2010] [error] [client 88.191.36.134] Invalid URI in request GET HTTP/1.1 HTTP/1.1
[Wed Aug 25 20:25:55 2010] [error] [client 88.191.36.134] File does not exist: /var/www/localhost/htdocs/phpmyadmin
[Wed Aug 25 20:25:56 2010] [error] [client 88.191.36.134] File does not exist: /var/www/localhost/htdocs/phpMyAdmin
[Wed Aug 25 20:25:56 2010] [error] [client 88.191.36.134] File does not exist: /var/www/localhost/htdocs/myadmin
[Wed Aug 25 20:25:56 2010] [error] [client 88.191.36.134] File does not exist: /var/www/localhost/htdocs/pma
[Wed Aug 25 20:25:56 2010] [error] [client 88.191.36.134] File does not exist: /var/www/localhost/htdocs/mysql
help?
 
Old 08-26-2010, 05:27 AM   #2
djsmiley2k
Member
 
Registered: Feb 2005
Location: Coventry, UK
Distribution: Home: Gentoo x86/amd64, Debian ppc. Work: Ubuntu, SuSe, CentOS
Posts: 343
Blog Entries: 1

Original Poster
Rep: Reputation: 72
Code:
#
failregex = [[]client <HOST>[]] File does not exist: *

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
Heh, fixed it
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Configuring Conky to read log file entries - apache + fail2ban djsmiley2k Linux - Desktop 1 04-26-2010 05:29 AM
Banning IP addresses ErrorBound General 5 08-25-2006 06:14 AM
banning IP addresses in samba HedAche Linux - Networking 4 07-02-2004 05:01 PM
banning an IP digsby0007 Linux - Security 11 02-27-2004 01:02 AM
banning an ip im1crazyassmofo Linux - General 18 04-10-2003 11:07 AM


All times are GMT -5. The time now is 08:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration