Fail2ban is not banning the IP address

1

I am using this jail in /etc/fail2ban/jail.local:

[nginx-bots]
enabled  = true
port     = http,https
filter   = nginx-bots
logpath  = /var/log/nginx/access.log*
maxretry = 1
bantime  = 172800
findtime = 86400

Then, in /etc/fail2ban/filter.d, I have the file nginx-bots.conf:

[INCLUDES]

[Definition]
failregex =     ^<HOST> - .* "GET /?/phpmyadmin/
                ^<HOST> - .* "GET /?/phpMyAdmin/
                ^<HOST> - .* "GET /?/pma/
                ^<HOST> - .* "GET /?/PMA/
                ^<HOST> - .* "GET /?/sqlmanager/
                ^<HOST> - .* "GET /?/sqladmin/
                ^<HOST> - .* "GET /?/phpmyadmin-?2/
                ^<HOST> - .* "GET /?/phpMyAdmin-?2/
                ^<HOST> - .* "GET /?/mysqlmanager/
                ^<HOST> - .* "GET /?/webadmin/
                ^<HOST> - .* "GET /?/php-my-admin/

                ^<HOST> - .* "GET /?/myadmin
                ^<HOST> - .* "GET /?/MyAdmin
                ^<HOST> - .* "GET /?/cgi-bin/
                ^<HOST> - .* "POST /?/%%
                ^<HOST> - .* "GET /admin/config.php
                ^<HOST> - .* "GET /idssvc/iesvc
                ^<HOST> - .* "GET /vtigercrm/
                ^<HOST> - .* "GET /wstats/wstats
                ^<HOST> - .* "GET /CluJaNul/
                ^<HOST> - .* "GET /bynazi/
                ^<HOST> - .* "GET /invoker/
                ^<HOST> - .* "GET \x
                ^<HOST> - .* "GET /jmx-console/
                ^<HOST> - .* "GET /zecmd/
                ^<HOST> - .* "GET /?/manager/html/upload

                ^<HOST> - .* "GET /w00tw00t
                ^<HOST> - .* "GET /muieblackcat

ignoreregex =

However, in my access.log, this IP is not being banned:

93.93.17.80 - - [24/Jul/2017:19:03:17 +0100] "HEAD http://*********:80/db/phpmyadmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/db/phpMyAdmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/sqlmanager/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/mysqlmanager/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/php-myadmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/phpmy-admin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/mysqladmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/mysql-admin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/admin/phpmyadmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/admin/phpMyAdmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/admin/sysadmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/admin/sqladmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"
    
by Joanna Mikalai 24.07.2017 / 20:53

0 answers
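Added example, not part of the original question: a Python check of the posted failregex lines against the posted log lines, showing that they never match because the requests use `HEAD` with an absolute `http://host:80/...` URL and a leading `/db/` directory, while every pattern expects `"GET /...`. The `HOST` group, the `BROADENED` pattern, the `flagged_hosts` helper and the control log line are assumptions made for this illustration.

```python
import re

# fail2ban replaces <HOST> with a host-capturing group before compiling;
# this simplified IPv4-only group is an assumption made for the example.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Three failregex lines copied unchanged from the question's nginx-bots.conf.
ORIGINAL = [
    r'^<HOST> - .* "GET /?/phpmyadmin/',
    r'^<HOST> - .* "GET /?/sqlmanager/',
    r'^<HOST> - .* "GET /?/mysqlmanager/',
]

# Hypothetical broadened pattern (not from the page): any method, optional
# absolute-URI prefix, optional leading directories, case-insensitive name.
BROADENED = [
    r'^<HOST> - [^"]* "[A-Z]+ (?:https?://[^/ ]+)?/(?:[^ ]*/)?'
    r'(?i:phpmyadmin|sqlmanager|mysqlmanager)/',
]

LOG = [
    # Two lines copied from the question's access.log excerpt.
    '93.93.17.80 - - [24/Jul/2017:19:03:17 +0100] "HEAD http://*********:80/db/phpmyadmin/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"',
    '93.93.17.80 - - [24/Jul/2017:19:03:18 +0100] "HEAD http://*********:80/sqlmanager/ HTTP/1.1" 301 0 "-" "Mozilla/5.0 Jorgee"',
    # Constructed control line: the request shape the original filter expects.
    '192.0.2.10 - - [24/Jul/2017:19:05:00 +0100] "GET /phpmyadmin/ HTTP/1.1" 404 0 "-" "-"',
]

def flagged_hosts(failregex, lines):
    """Return the hosts for which at least one pattern matches a line."""
    compiled = [re.compile(p.replace("<HOST>", HOST)) for p in failregex]
    hosts = set()
    for line in lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                hosts.add(m.group("host"))
                break
    return hosts

if __name__ == "__main__":
    print("original :", sorted(flagged_hosts(ORIGINAL, LOG)))
    print("broadened:", sorted(flagged_hosts(BROADENED, LOG)))
```

On the server itself, `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-bots.conf` performs the same check with fail2ban's real `<HOST>` expansion and date handling.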