Fail2ban for Apache Scanner

mesranet

• December 27, 2018 15:29

Dear all, From my error_log i found lot of: [Fri Dec 28 04:42:55.657360 2018] [:error] [pid 13326:tid 140598092752640] [client 83.221.220.121:10239] File does not exist: /var/www/html/htdocs.php [Fri Dec 28 04:42:56.239232 2018] [:error] [pid 13209:tid 140598050793216] [client 83.221.220.121:10399] File does not exist: /var/www/html/desktop.ini.php [Fri Dec 28 04:42:56.862603 2018] [:error] [pid 13326:tid 140598019323648] [client 83.221.220.121:10571] File does not exist: /var/www/html/z.php [Fri Dec 28 04:42:57.409557 2018] [:error] [pid 13326:tid 140597977364224] [client 83.221.220.121:10746] File does not exist: /var/www/html/lala.php So i make a new rules for Fail2ban with: failregex = [[]client :*[]] File does not exist: /var/www/html/*.php But its doesnt work, Please help. Thank you so much

• 

  fuzzylogic

  • December 28, 2018 04:12

  Your regex is not right. You are using * which does not work as you intend. Use .* to do that. Here is a working version of what you tried to write... failregex = [[]client :.*[]] File does not exist: /var/www/html/.*\.php
  Here is a working version of a more specific failregex... failregex = [[]client :\w\d*[]] File does not exist: /var/www/html/\S*(?:htdocs|desktop\.ini|z|lala)\.php
  

  0
• 

  mesranet

  • December 28, 2018 12:39

  Dear Fuzzylogic, Thank you so much, its work great

  0
• 

  cPanelLauren

  • December 28, 2018 17:51

  Hello, Glad to see your issue was able to be resolved, @fuzzylogic thanks for your assistance and great advice!

  0

Please sign in to leave a comment.