Created
June 20, 2014 06:00
-
-
Save KINKCreative/7e2fa2ca8196a9701f40 to your computer and use it in GitHub Desktop.
Apache Fail2Ban
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Install fail2ban | |
$ sudo apt-get install fail2ban | |
#### /etc/fail2ban/jail.local | |
[apache] | |
enabled = true | |
[apache-noscript] | |
enabled = true | |
[apache-overflows] | |
enabled = true | |
[apache-phpmyadmin] | |
enabled = true | |
port = http,https | |
filter = apache-phpmyadmin | |
logpath = /var/log/apache*/*error.log | |
maxretry = 3 | |
[apache-post] | |
enabled = true | |
filter = apache-post | |
action = iptables[name=httpd, port=80, protocol=tcp] | |
sendmail-whois[name=post_block, dest=yourmail@example.com] | |
logpath = /var/log/httpd/access_log | |
findtime = 10 | |
bantime = 183600 | |
maxretry = 10 | |
##### /etc/fail2ban/filter.d/apache-post.conf | |
# Fail2Ban configuration file | |
# | |
# | |
# $Revision: 1 $ | |
# | |
[Definition] | |
# Option: failregex | |
# Notes.: Regexp to catch known spambots and software alike. Please verify | |
# that it is your intent to block IPs which were driven by | |
# abovementioned bots. | |
# Values: TEXT | |
# | |
failregex = ^<HOST> -.*"POST.* | |
# Option: ignoreregex | |
# Notes.: regex to ignore. If this regex matches, the line is ignored. | |
# Values: TEXT | |
# | |
ignoreregex = | |
##### /etc/fail2ban/filter.d/apache-phpmyadmin.conf | |
# Fail2Ban configuration file | |
# | |
# Bans bots scanning for non-existing phpMyAdmin installations on your webhost. | |
# | |
# Author: Gina Haeussge | |
# | |
[Definition] | |
docroot = /srv/www | |
badadmin = PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|$ | |
# Option: failregex | |
# Notes.: Regexp to match often probed and not available phpmyadmin paths. | |
# Values: TEXT | |
# | |
failregex = [[]client []] File does not exist: %(docroot)s/(?:%(badadmin)s) | |
# Option: ignoreregex | |
# Notes.: regex to ignore. If this regex matches, the line is ignored. | |
# Values: TEXT | |
# | |
ignoreregex = |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment