Fail2ban block 404 scan and invalid method in request on Apache server

Fail2ban block 404 scan and invalid method in request on Apache server

1. Create filter
/etc/fail2ban/filter.d/apache-404.conf

[Definition]

failregex = [[]client <HOST>[]] File does not exist: *
                   [[]client <HOST>[]] Invalid method in request *
 
ignoreregex =

2. Add new jail

/etc/fail2ban/jail.conf

[apache-404]
enabled = true
port = http,https
filter = apache-404
action  = iptables-multiport[name=apache-404,port="80,443"]
logpath = /var/log/httpd/error_log
#you can add email notification as well
action  = iptables-multiport[name=apache-404, port="http,https", protocol=tcp]
          sendmail-whois[name=apache-404, [email protected], [email protected], sendername="Server-Fail2Ban"]

bantime = 172800
maxretry = 2
findtime = 86400   ; 1 day


3. If everything is ok, you can test it

with command:
 fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache-404.conf

outcome should be like this:

Running tests
=============

Use   failregex filter file : apache-404, basedir: /etc/fail2ban
Use         log file : /var/log/httpd/error_log
Use         encoding : UTF-8


Results
=======

Failregex: 138 total
|-  #) [# of hits] regular expression
|   1) [132] [[]client <HOST>[]] File does not exist: *
|   2) [6] [[]client <HOST>[]] Invalid method in request *
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [146] (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
`-

Lines: 146 lines, 0 ignored, 138 matched, 8 missed
[processed in 0.03 sec]

|- Missed line(s):
|  [Mon Jul 10 05:07:58 2017] [error] [client 141.212.122.48] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /x
|  [Tue Jul 11 12:27:28 2017] [error] [client 187.20.208.103] script '/var/www/html/command.php' not found or unable to stat
|  [Wed Jul 12 04:00:18 2017] [error] [client 117.43.152.107] request failed: error reading the headers
|  [Thu Jul 13 07:12:54 2017] [error] [client 138.185.16.2] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
|  [Thu Jul 13 18:05:54 2017] [error] [client 223.105.4.250] script '/var/www/html/index.php' not found or unable to stat


Comments

Post a Comment

Popular posts from this blog

How to clean DB from old logs in Magento 1.x

How to clean DB from old logs in Magento 1.x Using MySQL truncate log_customer ; truncate log_quote ; truncate log_summary ; truncate log_summary_type ; truncate log_url ; truncate log_url_info ; truncate log_visitor ; truncate log_visitor_info ; truncate log_visitor_online ;     login to shell(SSH)  go with root/shell folder. execute the below command inside the shell folder   php - f log . php clean   enter this command to view the log data's size php -f log.php status This method will help you to clean the log data's very easy way.  
Read more

Reduce (shrink) and resize raw disk at Proxmox

 Reduce (shrink) and resize raw disk at Proxmox 1. Check the status of raw disk:   #e2fsck -fy /hdd-img/images/111/vm-111-disk-1.raw e2fsck 1.46.5 (30-Dec-2021) Pass 1: Checking inodes, blocks, and sizes Pass 2: Checking directory structure Pass 3: Checking directory connectivity Pass 4: Checking reference counts Pass 5: Checking group summary information /hdd-img/images/111/vm-111-disk-1.raw: 135279/327680000 files (1.8% non-contiguous), 857599886/1310720000 blocks  2. At first, check raw disk size:   #qemu-img info /hdd-img/images/111/vm-111-disk-1.raw image: /hdd-img/images/111/vm-111-disk-1.raw file format: raw virtual size: 4.88 TiB (5368709120000 bytes) disk size: 3.59 TiB  3. Resize filesystem: -M - will resize to the minimum size based on saved files -p - will display progress bar #resize2fs -M -p /hdd-img/images/111/vm-111-disk-1.raw resize2fs 1.46.5 (30-Dec-2021) Resizing the filesystem on /hdd-img/images/111/vm-111-disk-1.raw to 852166716 (4k) blocks. Begin pass 2 (max = 196
Read more

Apache 2.4 + mod_wsgi + Python 3.7 + Django installation on Centos 7.10

How to Apache 2.4 + mod_wsgi + Python 3.7 + Django installation   Httpd 2.4 1. Install  httpd yum install httpd   2. Install  httpd-devel yum install httpd-devel  Python 3.7 on Centos 7.10 1. Download the newest python cd /opt/ wget -dvS --no-check-certificate https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tgz 2. Unpack and install tar xzf Python-3.7.0.tgz cd /opt/Python-3.7.0/ ./configure --prefix=/usr/local --enable-shared --with-threads --enable-optimizations make altinstall   to test if works: python3.7 -V mod_wsgi 0. (optional) uninstall current mod_wsgi yum erase mod_wsgi 1. Download the newest mod_wsgi and install cd /opt/ wget https://files.pythonhosted.org/packages/9e/37/dd336068ece37c43957aa337f25c59a9a6afa98086e5507908a2d21ab807/mod_wsgi-4.6.4.tar.gz tar xzf mod_wsgi-4.6.4.tar.gz cd mod_wsgi-4.6.4.tar.gz  ./configure --with-python=/usr/local/bin/python3.7 LD_RUN_PATH=/usr/local/lib make make install 2. Add p
Read more