Fail2ban for Apache Scanner

M

mesranet

Well-Known Member
May 6, 2002
133
0
316
Dear all,

From my error_log i found lot of:

[Fri Dec 28 04:42:55.657360 2018] [:error] [pid 13326:tid 140598092752640] [client 83.221.220.121:10239] File does not exist: /var/www/html/htdocs.php
[Fri Dec 28 04:42:56.239232 2018] [:error] [pid 13209:tid 140598050793216] [client 83.221.220.121:10399] File does not exist: /var/www/html/desktop.ini.php
[Fri Dec 28 04:42:56.862603 2018] [:error] [pid 13326:tid 140598019323648] [client 83.221.220.121:10571] File does not exist: /var/www/html/z.php
[Fri Dec 28 04:42:57.409557 2018] [:error] [pid 13326:tid 140597977364224] [client 83.221.220.121:10746] File does not exist: /var/www/html/lala.php

So i make a new rules for Fail2ban with:

failregex = [[]client <HOST>:*[]] File does not exist: /var/www/html/*.php

But its doesnt work, Please help.

Thank you so much
 
F

fuzzylogic

Well-Known Member
Nov 8, 2014
149
90
78
cPanel Access Level
Root Administrator
Your regex is not right.
You are using * which does not work as you intend. Use .* to do that.
Here is a working version of what you tried to write...
Code: 
failregex = [[]client <HOST>:.*[]] File does not exist: /var/www/html/.*\.php
Here is a working version of a more specific failregex...
Code: 
failregex = [[]client <HOST>:\w\d*[]] File does not exist: /var/www/html/\S*(?:htdocs|desktop\.ini|z|lala)\.php
 
  • Like
Reactions: keat63
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
verdon CSF, WPFail2Ban, Litespeed Security 2
M Fail2ban Rule for exim_mainlog Security 1
B Fail2Ban: login_log filter webmaild Security 3
B Fail2ban Questions Security 2
M CSF and Fail2Ban Security 3
Similar threads
CSF, WPFail2Ban, Litespeed
Fail2ban Rule for exim_mainlog
Fail2Ban: login_log filter webmaild
Fail2ban Questions
CSF and Fail2Ban
Top Bottom