[MVLUG] fail2ban for apache2?

Michael Harris shifty.cow at gmail.com
Sat Dec 1 21:46:38 MST 2012


It looks like Fail2Ban can monitor Apache logs, too:

http://www.jquantlib.org/index.php/Protecting_Apache_with_Fail2Ban_on_Debian
http://www.fail2ban.org/wiki/index.php/Apache

-Michael

On Sat, Dec 1, 2012 at 9:32 PM, Joe Pfeiffer <joseph at pfeifferfamily.net>wrote:

> fail2ban is a neat little applications that watches for repeated login
> failures and bans IP addresses for a configurable amount of time after
> several failures.
>
> This evening, I noticed an IP address that was making a huge number of
> attempts to get at my web server, using very suspicious requests:
>
> vms.unitedbankservice.com - - [01/Dec/2012:21:21:23 -0700] "GET
> /phpMyAdmin/ HTTP/1.1" 403 496 "-" "-"
> vms.unitedbankservice.com - - [01/Dec/2012:21:21:35 -0700] "GET
> /phpmyadmin/ HTTP/1.1" 403 496 "-" "-"
> vms.unitedbankservice.com - - [01/Dec/2012:21:21:47 -0700] "GET
> /phpmyadmin1/ HTTP/1.1" 403 497 "-" "-"
> vms.unitedbankservice.com - - [01/Dec/2012:21:21:59 -0700] "GET
> /phpmyadmin2/ HTTP/1.1" 403 497 "-" "-"
> vms.unitedbankservice.com - - [01/Dec/2012:21:22:11 -0700] "GET /pma/
> HTTP/1.1" 403 489 "-" "-"
> vms.unitedbankservice.com - - [01/Dec/2012:21:22:23 -0700] "GET
> /web/phpMyAdmin/ HTTP/1.1" 403 500 "-" "-"
> vms.unitedbankservice.com - - [01/Dec/2012:21:22:35 -0700] "GET
> /xampp/phpmyadmin/ HTTP/1.1" 403 502 "-" "-"
>
> I added a rule to my iptables to drop any packets from that site...
> While it was nice to see that so far as I know none of the attempts
> were successful, I wonder if there is a module or other configuration
> option for apache2 which will notice a pattern of failed requests and
> ban the site?
> --
> Joseph J. Pfeiffer, Jr., Ph.D.                 http://pfeifferfamily.net/
> 1440 Tierra del Sol Dr                         575.525.2764 (H)
> Las Cruces, NM 88007                           575.496.3501 (C)
> _______________________________________________
> MVLUG mailing list
> MVLUG at mvlug.org
> http://lists.mvlug.org/mailman/listinfo/mvlug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mvlug.org/pipermail/mvlug/attachments/20121201/ea0d6195/attachment.html>


More information about the MVLUG mailing list