Apache errors and fail2ban

Hi,

I got my first Linode about a month ago, and everything is great, but I have a question:

I'm running Ubuntu 10.04, and in the apache log /var/log/apache2/error.log.1 are many "File does not exist" statements, most of them are for PHPMyAdmin or some CMS, none of which I have.

Should I be blocking these or what?

I tried putting the code below into my Fail2ban jail.conf, but in the fail2ban log it shows its an invalid command:

failregex = [[]client (?P<host>\S*)[]] File does not exist: .*\.php</host> 

but I wasnt sure where to put it so I put it here

[apache-noscript]

enabled = true
port    = http,https
filter  = apache-noscript
logpath = /var/log/apache*/*error.log
failregex = [[]client (?P<host>\S*)[]] File does not exist: .*\.php
maxretry = 6</host> 

I'm sure I'm not the only one getting these errors, but I couldn't find a thread about what any body else is doing with these errors.

1 Reply

You shouldn't be modifying jail.conf. Use jail.local to override the settings in jail.conf.

Further, the failregex condition doesn't belong in the configuration file it belongs in the filter. From the example you've provided that would be /etc/fail2ban/filter.d/apache-noscript.

Look into fail2ban-regex to test your regex condition.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct