Apache errors and fail2ban
I got my first Linode about a month ago, and everything is great, but I have a question:
I'm running Ubuntu 10.04, and in the apache log /var/log/apache2/error.log.1 are many "File does not exist" statements, most of them are for PHPMyAdmin or some CMS, none of which I have.
Should I be blocking these or what?
I tried putting the code below into my Fail2ban jail.conf, but in the fail2ban log it shows its an invalid command:
failregex = [[]client (?P<host>\S*)[]] File does not exist: .*\.php</host>
but I wasnt sure where to put it so I put it here
[apache-noscript]
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/log/apache*/*error.log
failregex = [[]client (?P<host>\S*)[]] File does not exist: .*\.php
maxretry = 6</host>
I'm sure I'm not the only one getting these errors, but I couldn't find a thread about what any body else is doing with these errors.
1 Reply
Further, the failregex condition doesn't belong in the configuration file it belongs in the filter. From the example you've provided that would be /etc/fail2ban/filter.d/apache-noscript.
Look into fail2ban-regex to test your regex condition.