Fail2ban for Apache Scanner

[mesranet]

Dear all,

From my error_log i found lot of:

[Fri Dec 28 04:42:55.657360 2018] [:error] [pid 13326:tid 140598092752640] [client 83.221.220.121:10239] File does not exist: /var/www/html/htdocs.php
[Fri Dec 28 04:42:56.239232 2018] [:error] [pid 13209:tid 140598050793216] [client 83.221.220.121:10399] File does not exist: /var/www/html/desktop.ini.php
[Fri Dec 28 04:42:56.862603 2018] [:error] [pid 13326:tid 140598019323648] [client 83.221.220.121:10571] File does not exist: /var/www/html/z.php
[Fri Dec 28 04:42:57.409557 2018] [:error] [pid 13326:tid 140597977364224] [client 83.221.220.121:10746] File does not exist: /var/www/html/lala.php

So i make a new rules for Fail2ban with:

failregex = [[]client <HOST>:*[]] File does not exist: /var/www/html/*.php

But its doesnt work, Please help.

Thank you so much

 

[fuzzylogic]

Your regex is not right.
You are using * which does not work as you intend. Use .* to do that.
Here is a working version of what you tried to write...

failregex = [[]client <HOST>:.*[]] File does not exist: /var/www/html/.*\.php

Here is a working version of a more specific failregex...

failregex = [[]client <HOST>:\w\d*[]] File does not exist: /var/www/html/\S*(?:htdocs|desktop\.ini|z|lala)\.php

 

[mesranet]

Dear Fuzzylogic,

Thank you so much, its work great

 

[cPanelLauren]

Hello,


Glad to see your issue was able to be resolved, @fuzzylogic thanks for your assistance and great advice!