Script Kiddies and 403, 404 errors
I've been using fail2ban for a long time. I thought I had all the bases covered. I've got jails for everything (I thought), but now there seems to be a whole new wave of idiots.
I have no idea what they are looking for, but does anyone out there know of a Fail2ban action script that can pick up this stream of 403 and 404 errors that these morons are producing? See sample below:

Requests with error response codes

   403 Forbidden
      /index.php?option=com_artportal&portalid=1 ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_catalogproduction&ta ... A%2Fmos_users--: 1 Time(s)
      /index.php?option=com_idoblog&task=profile ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_jashowcase&view=jash ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_joomlub&controller=a ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_juser&task=show_profile&id=70: 1 Time(s)
      /index.php?option=com_onestabliments&task= ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_photoblog&view=blogs ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_tupinambis&task=verp ... A%2Fmos_users--: 1 Time(s)
      /index.php?option=com_user&task=activate&a ... ad1504bd573f70d: 1 Time(s)

   404 Not Found
      /).translate(: 1 Time(s)
      /.65: 1 Time(s)
      /.google-analytics.com/ga.js: 1 Time(s)
      /9.0.0: 1 Time(s)
      /;jQuery.cookie(: 1 Time(s)
      /BingSiteAuth.xml: 1 Time(s)
      /LiveSearchSiteAuth.xml: 1 Time(s)
      /a.modal: 1 Time(s)
      /administrator/components/com_babackup/classes/Tar.php: 1 Time(s)
      /administrator/components/com_feederator/i ... sp/add_tmsp.php: 1 Time(s)
      /administrator/components/com_jwmmxtd/admin.jwmmxtd.php: 1 Time(s)
      /administrator/components/com_linkdirector ... ectory.html.php: 1 Time(s)
      /administrator/components/com_lurm_constru ... constructor.php: 1 Time(s)
      /administrator/components/com_mosmedia/inc ... /media.divs.php: 1 Time(s)
      /administrator/components/com_serverstat/i ... .serverstat.php: 1 Time(s)
      /appConf.htm: 1 Time(s)
      /component/com_onlineflashquiz/quiz/common/db_config.inc.php: 1 Time(s)
      /components/com_cpg/cpg.php: 1 Time(s)
      /components/com_extended_registration/regi ... etailed.inc.php: 1 Time(s)
      /components/com_hbssearch/longDesc.php?h_i ... sers--%26id%3D2: 1 Time(s)
      /components/com_hbssearch/longDesc.php?hid ... A%2Fjos_users--: 2 Time(s)
      /components/com_pollxt/conf.pollxt.php: 1 Time(s)
      /components/com_slideshow/admin.slideshow1.php: 1 Time(s)
      /components/com_thopper/inc/projectstatus_type.php: 1 Time(s)
      /home/henry/sweoncent-1.0.2.gz: 1 Time(s)
      /images/A_MyMusePreviews/hank-martin/forev ... -of-mystery.mp3: 1 Time(s)
      /images/A_MyMusePreviews/hank-martin/forev ... mn/gonzales.mp3: 1 Time(s)
      /images/A_MyMusePreviews/hank-martin/forev ... tumn/nivram.mp3: 1 Time(s)
      /images/stories/logo150sq.jpg: 4 Time(s)
      /index.php/my-music.html?view=product&catid=2%3Asongs: 1 Time(s)
      /index.php?option=com_accombo&func=detail& ... A%2Fmos_users--: 1 Time(s)
      /index.php?option=com_akobook&Itemid=36&fu ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_cbresumebuilder&task ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_djcatalog&view=showItem&id=null: 1 Time(s)
      /index.php?option=com_facebook&view=studen ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_gameserver&view=gamepanel&id=999999: 1 Time(s)
      /index.php?option=com_idoblog&task=profile ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_jvideo&view=user&user_id=62: 2 Time(s)
      /index.php?option=com_mosres&task=viewprop ... perty_uid=1005': 1 Time(s)
      /index.php?option=com_ninjamonials&task=display&testimID=3: 2 Time(s)
      /index.php?option=com_photoblog&view=blogs ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_propertylab&task=pro ... 0&auction_id=26: 1 Time(s)
      /index.php?option=com_school&Itemid=null&f ... A%2Fjos_users--: 1 Time(s)
      /index.php?option=com_tupinambis&task=verp ... A%2Fmos_users--: 1 Time(s)
      /ntforum/%09SMF%C0%E0%D0%CD%0989000%09-1: 2 Time(s)
      /portfolio?controller=sections&view=item&i ... A%2Fjos_users--: 1 Time(s)
      /songs/streetsoflove.zip: 1 Time(s)
      /static/email/: 1 Time(s)
I have no experience with fail2ban, but maybe something like mod_security, which is an application firewall for webservers; it is highly configurable, and it can be made to look out for things like that, then take what action you tell it to.
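
One way to prototype the 403/404 detection asked about in the question, as an added example that is not part of the original thread: it counts error responses per client inside a time window, the way fail2ban's `maxretry` and `findtime` jail options do. It assumes the raw access log is in Apache/nginx "combined" format; the thresholds, the sample lines and the IP addresses (documentation ranges) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumes Apache/nginx "combined" access-log lines. A fail2ban filter in the
# same spirit would be:  failregex = ^<HOST> .*"[^"]*" (403|404)
# with maxretry/findtime set in the jail; this script mirrors that logic.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>403|404) ')

def offenders(lines, maxretry=5, findtime=timedelta(seconds=60)):
    """Return hosts with >= maxretry 403/404 responses inside findtime."""
    hits, banned = defaultdict(deque), []
    for line in lines:                      # lines must be in time order
        m = LINE_RE.match(line)
        if not m:
            continue                        # other status codes or unparsable line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = hits[m["host"]]
        window.append(ts)
        while ts - window[0] > findtime:    # drop hits older than findtime
            window.popleft()
        if len(window) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned

def _line(ip, sec, path, status):
    """Build one constructed combined-format line, sec seconds after 13:00."""
    stamp = f"10/Oct/2013:13:{sec // 60:02d}:{sec % 60:02d} -0500"
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: paths come from the report in the question.
PROBES = ["/index.php?option=com_juser&task=show_profile&id=70",
          "/components/com_cpg/cpg.php", "/components/com_pollxt/conf.pollxt.php",
          "/appConf.htm", "/administrator/components/com_babackup/classes/Tar.php"]
_rows = sorted(
    [(i * 2, _line("203.0.113.7", i * 2, p, 403 if "option=" in p else 404))
     for i, p in enumerate(PROBES)]                        # burst: 5 hits in 8 s
    + [(i * 40, _line("192.0.2.9", i * 40, p, 404))
       for i, p in enumerate(PROBES)]                      # slow: one hit per 40 s
    + [(5, _line("198.51.100.20", 5, "/images/stories/logo150sq.jpg", 404)),
       (6, _line("198.51.100.20", 6, "/index.php", 200))]  # ordinary visitor
)
SAMPLE = [line for _, line in _rows]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

With the default thresholds only the burst client is flagged; the slow prober stays under the limit, which shows how much the choice of `findtime` and `maxretry` decides what gets banned.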