[MVLUG] fail2ban for apache2?

Joe Pfeiffer joseph at pfeifferfamily.net
Sat Dec 1 21:32:12 MST 2012


fail2ban is a neat little applications that watches for repeated login
failures and bans IP addresses for a configurable amount of time after
several failures.

This evening, I noticed an IP address that was making a huge number of
attempts to get at my web server, using very suspicious requests:

vms.unitedbankservice.com - - [01/Dec/2012:21:21:23 -0700] "GET /phpMyAdmin/ HTTP/1.1" 403 496 "-" "-"
vms.unitedbankservice.com - - [01/Dec/2012:21:21:35 -0700] "GET /phpmyadmin/ HTTP/1.1" 403 496 "-" "-"
vms.unitedbankservice.com - - [01/Dec/2012:21:21:47 -0700] "GET /phpmyadmin1/ HTTP/1.1" 403 497 "-" "-"
vms.unitedbankservice.com - - [01/Dec/2012:21:21:59 -0700] "GET /phpmyadmin2/ HTTP/1.1" 403 497 "-" "-"
vms.unitedbankservice.com - - [01/Dec/2012:21:22:11 -0700] "GET /pma/ HTTP/1.1" 403 489 "-" "-"
vms.unitedbankservice.com - - [01/Dec/2012:21:22:23 -0700] "GET /web/phpMyAdmin/ HTTP/1.1" 403 500 "-" "-"
vms.unitedbankservice.com - - [01/Dec/2012:21:22:35 -0700] "GET /xampp/phpmyadmin/ HTTP/1.1" 403 502 "-" "-"

I added a rule to my iptables to drop any packets from that site...
While it was nice to see that so far as I know none of the attempts
were successful, I wonder if there is a module or other configuration
option for apache2 which will notice a pattern of failed requests and
ban the site?
-- 
Joseph J. Pfeiffer, Jr., Ph.D.                 http://pfeifferfamily.net/
1440 Tierra del Sol Dr                         575.525.2764 (H)
Las Cruces, NM 88007                           575.496.3501 (C)


More information about the MVLUG mailing list