I am using this jail in /etc/fail2ban/jail.local:
[nginx-bots]
enabled = true
port = http,https
filter = nginx-bots
logpath = /var/log/nginx/access.log*
maxretry = 1
bantime = 172800
findtime = 86400
Then, in /etc/fail2ban/filter.d, I have the file nginx-bots.conf:
[INCLUDES]

[Definition]
failregex = ^<HOST> - .* "GET /?/phpmyadmin/
            ^<HOST> - .* "GET /?/phpMyAdmin/
            ^<HOST> - .* "GET /?/pma/
            ^<HOST> - .* "GET /?/PMA/
            ^<HOST> - .* "GET /?/sqlmanager/
            ^<HOST> - .* "GET /?/sqladmin/
            ^<HOST> - .* "GET /?/phpmyadmin-?2/
            ^<HOST> - .* "GET /?/phpMyAdmin-?2/
            ^<HOST> - .* "GET /?/mysqlmanager/
            ^<HOST> - .* "GET /?/webadmin/
            ^<HOST> - .* "GET /?/php-my-admin/
            ^<HOST> - .* "GET /?/myadmin
            ^<HOST> - .* "GET /?/MyAdmin
            ^<HOST> - .* "GET /?/cgi-bin/
            ^<HOST> - .* "POST /?/%%
            ^<HOST> - .* "GET /admin/config.php
            ^<HOST> - .* "GET /idssvc/iesvc
            ^<HOST> - .* "GET /vtigercrm/
            ^<HOST> - .* "GET /wstats/wstats
            ^<HOST> - .* "GET /CluJaNul/
            ^<HOST> - .* "GET /bynazi/
            ^<HOST> - .* "GET /invoker/
            ^<HOST> - .* "GET \x
            ^<HOST> - .* "GET /jmx-console/
            ^<HOST> - .* "GET /zecmd/
            ^<HOST> - .* "GET /?/manager/html/upload
            ^<HOST> - .* "GET /w00tw00t
            ^<HOST> - .* "GET /muieblackcat
ignoreregex =
However, this IP from my access.log is not being banned:
93.93.17.80 - - [24/Jul/2017:19:03:17 +0100] "HEAD http://*********:80/db/phpmyadmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/db/phpMyAdmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/sqlmanager/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/mysqlmanager/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/php-myadmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/phpmy-admin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/mysqladmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/mysql-admin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/admin/phpmyadmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/admin/phpMyAdmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/admin/sysadmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/admin/sqladmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
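Before trusting a filter, it pays to run the failregex set against real log lines the way fail2ban-regex does (fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-bots.conf). The following is an added example, not part of the question above: a small Python harness that substitutes a simplified <HOST> token (an assumption; fail2ban's real one is broader) into two of the poster's patterns and into a broadened variant of my own, then checks which of the sample lines each set would flag. The redacted host in the log lines is replaced by the constructed address 203.0.113.5.

```python
import re

# Two patterns copied from the poster's filter, unchanged.
FAILREGEX = [
    r'^<HOST> - .* "GET /?/phpmyadmin/',
    r'^<HOST> - .* "GET /?/sqlmanager/',
]

# Broadened variant (my suggestion, not the poster's): accept any common
# request method, an optional absolute-URI prefix ("http://host:80"), and
# the probed directory at any depth of the path.
FAILREGEX_BROAD = [
    r'^<HOST> - .* "(?:GET|HEAD|POST) (?:https?://[^/]+)?/(?:[^" ]*/)?phpmyadmin/',
    r'^<HOST> - .* "(?:GET|HEAD|POST) (?:https?://[^/]+)?/(?:[^" ]*/)?sqlmanager/',
]

# Constructed sample: two lines modelled on the question's access.log
# (same IP, timestamps and user agent) plus one benign request.
LOG_LINES = [
    '93.93.17.80 - - [24/Jul/2017:19:03:17 +0100] "HEAD http://203.0.113.5:80/db/phpmyadmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"',
    '93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://203.0.113.5:80/sqlmanager/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"',
    '198.51.100.7 - - [24/Jul/2017:19:05:00 +0100] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

# Simplified stand-in for fail2ban's <HOST> expansion (IPv4 only; assumption).
HOST_RE = r'(?P<host>(?:\d{1,3}\.){3}\d{1,3})'


def compile_failregex(patterns):
    """Expand <HOST> in each failregex line and compile it."""
    return [re.compile(p.replace('<HOST>', HOST_RE)) for p in patterns]


def match_hosts(patterns, lines):
    """Return the host IP of every log line that at least one pattern flags.

    Approximation of fail2ban's matching: each pattern is anchored with ^ and
    the .* after the host absorbs the date field, so the date preprocessing
    fail2ban performs does not change the outcome here.
    """
    compiled = compile_failregex(patterns)
    hits = []
    for line in lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                hits.append(m.group('host'))
                break
    return hits
```

Running match_hosts with the poster's patterns yields no hits for the sample lines, since they only match the literal "GET followed by a relative path, while the scanner sent HEAD requests with an absolute URI; the broadened set flags both scanner lines and leaves the benign request alone.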