@KINKCreative
Created June 20, 2014 06:00
Apache Fail2Ban
# Install fail2ban
$ sudo apt-get install fail2ban
#### /etc/fail2ban/jail.local
[apache]
enabled = true
[apache-noscript]
enabled = true
[apache-overflows]
enabled = true
[apache-phpmyadmin]
enabled = true
port = http,https
filter = apache-phpmyadmin
logpath = /var/log/apache*/*error.log
maxretry = 3
[apache-post]
enabled = true
filter = apache-post
action = iptables[name=httpd, port=80, protocol=tcp]
         sendmail-whois[name=post_block, dest=yourmail@example.com]
# Adjust logpath to your Apache access log (Debian/Ubuntu: /var/log/apache2/access.log)
logpath = /var/log/httpd/access_log
findtime = 10
bantime = 183600
maxretry = 10
##### /etc/fail2ban/filter.d/apache-post.conf
# Fail2Ban configuration file
#
#
# $Revision: 1 $
#
[Definition]
# Option: failregex
# Notes.: Matches every POST request line in the access log. The [apache-post]
# jail's findtime/maxretry turn this into a rate limit on POSTs per
# client, so verify that legitimate form or API traffic stays below it.
# Values: TEXT
#
failregex = ^<HOST> -.*"POST.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
##### /etc/fail2ban/filter.d/apache-phpmyadmin.conf
# Fail2Ban configuration file
#
# Bans bots scanning for non-existing phpMyAdmin installations on your webhost.
#
# Author: Gina Haeussge
#
[Definition]
docroot = /srv/www
badadmin = PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|$
# Option: failregex
# Notes.: Regexp to match often probed and not available phpmyadmin paths.
# Values: TEXT
#
failregex = [[]client <HOST>[]] File does not exist: %(docroot)s/(?:%(badadmin)s)
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
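
The [apache-post] jail above bans a client once its failregex matches maxretry lines within findtime seconds. The following is an added example, not part of the original gist: a simplified Python model of that counting, run over constructed log lines. The IPv4-only stand-in for <HOST>, the helper names and the sample traffic are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

FINDTIME = 10   # seconds, from [apache-post]
MAXRETRY = 10   # from [apache-post]

# The page's failregex. <HOST> is swapped for a plain IPv4 group (assumption:
# fail2ban's own <HOST> expansion also accepts hostnames and IPv6).
FAILREGEX = r'^<HOST> -.*"POST.*'
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
STAMP = re.compile(r"\[([^\]]+)\]")

def banned_hosts(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Hosts with at least maxretry matching lines inside one findtime window."""
    recent, banned = defaultdict(deque), []
    for entry in lines:
        m = PATTERN.match(entry)
        if not m:
            continue
        when = datetime.strptime(STAMP.search(entry).group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["host"]]
        window.append(when.timestamp())
        while window[0] < window[-1] - findtime:   # drop hits older than findtime
            window.popleft()
        if len(window) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned

def log_line(ip, second, request, agent="Mozilla/5.0"):
    """Build one constructed combined-format access-log line."""
    mm, ss = divmod(second, 60)
    return (f'{ip} - - [20/Jun/2014:06:{mm:02d}:{ss:02d} +0000] '
            f'"{request} HTTP/1.1" 200 512 "-" "{agent}"')

# Constructed sample traffic (documentation IP ranges).
SAMPLE = (
    [log_line("203.0.113.7", n // 2, "POST /login.php") for n in range(10)]      # 10 POSTs in 5 s
    + [log_line("198.51.100.4", n * 5, "POST /contact.php") for n in range(10)]  # 1 POST per 5 s
    + [log_line("192.0.2.9", n // 2, "GET /index.html") for n in range(10)]      # GETs only
)
# A GET whose User-Agent starts with POST: the unanchored .*"POST counts it too.
ODD_AGENT = log_line("192.0.2.50", 0, "GET /", agent="POSTchecker/1.0")

if __name__ == "__main__":
    print("banned:", banned_hosts(SAMPLE))
    print("GET with POST-prefixed agent matches:", bool(PATTERN.match(ODD_AGENT)))
```

On a live host, `fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-post.conf` reports how many lines the real filter matches before the jail is enabled.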