fail2ban and httpd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hello,
I've all my services  (postfix, dovecot, sasl, ...) secure with fail2ban, 
but only httpd doesn't work

404 Not Found
       //%0D/scripts/setup.php: 2 Time(s)
       //3rdparty/phpMyAdmin/scripts/setup.php: 1 Time(s)
       //81/phpmyadmin/scripts/setup.php: 1 Time(s)
       //Admin/: 1 Time(s)
       //Admin/scripts/setup.php: 1 Time(s)
       //MyAdmin/: 1 Time(s)
       //MyAdmin/scripts/setup.php: 1 Time(s)
       //MySQLAdmin/scripts/setup.php: 1 Time(s)
       //PHPMYADMIN/scripts/setup.php: 2 Time(s)
       //PMA/: 1 Time(s)
       //PMA/scripts/setup.php: 2 Time(s)
       //PMA2/scripts/setup.php: 1 Time(s)
       //PMA2009/scripts/setup.php: 2 Time(s)
       //PMA3/scripts/setup.php: 2 Time(s)
       //SQL/scripts/setup.php: 2 Time(s)
       //SSLMySQLAdmin/scripts/setup.php: 1 Time(s)
       //_PHPMYADMIN/scripts/setup.php: 2 Time(s)
       //_admin/scripts/setup.php: 1 Time(s)
       //_pHpMyAdMiN/scripts/setup.php: 2 Time(s)
       //_phpMyAdmin/scripts/setup.php: 1 Time(s)
       //_phpmyadmin/scripts/setup.php: 1 Time(s)
       //admin/: 1 Time(s)
       //admin/mysql/scripts/setup.php: 2 Time(s)

My /etc/fail2ban/filter.d/apache.conf:

failregex = [[]client <HOST>[]] (File does not exist|script not found or
unable to stat): .*(\.php|\.asp|\.exe|\.pl)

Test:
[root@web ~]# fail2ban-regex /var/log/httpd/error_log
/etc/fail2ban/filter.d/apache.conf
/usr/share/fail2ban/server/filter.py:430: DeprecationWarning: the md5
module is deprecated; use hashlib instead
  import md5

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/apache.conf
Use log file   : /var/log/httpd/error_log


Results
=======

Failregex
|- Regular expressions:
|  [1] [[]client <HOST>[]] (File does not exist|script not found or
unable to stat): .*(\.php|\.asp|\.exe|\.pl)
|
`- Number of matches:
   [1] 0 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Sorry, no match

How can I stop such tests?

 
Gruß 
Andreas Reschke
________________________________________________________________

Unix/Linux-Administration
Andreas.Reschke@xxxxxxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux