Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision |
notes:fail2ban [2014/09/08 14:10] – [fail2ban for postfix/ssh] admin | notes:fail2ban [2014/09/08 14:12] – [Nginx] admin |
---|
fail2ban-client reload | fail2ban-client reload |
| |
===== Nginx ===== | ===== fail2ban for Nginx ===== |
Scanning in search of broken script is quite frequent. My nginx ''error.log'' file is full of (IP obfuscated): | Scanning in search of broken script is quite frequent. My nginx ''error.log'' file is full of (IP obfuscated): |
2014/05/28 21:59:00 [error] 17394#0: *105 open() "/var/www/mailing/www/admin/images/rn_logo.gif" failed (2: No such file or directory), client: 64.39.256.256, server: XYZ, request: "GET /admin/images/rn_logo.gif HTTP/1.1", host: "XYZ" | 2014/05/28 21:59:00 [error] 17394#0: *105 open() "/var/www/mailing/www/admin/images/rn_logo.gif" failed (2: No such file or directory), client: 1.2.3.4, server: XYZ, request: "GET /admin/images/rn_logo.gif HTTP/1.1", host: "XYZ" |
2014/05/28 21:59:00 [error] 17394#0: *105 open() "/var/www/mailing/www/vncviewer.jar" failed (2: No such file or directory), client: 64.39.256.256, server: XYZ, request: "GET /vncviewer.jar HTTP/1.1", host: "XYZ" | 2014/05/28 21:59:00 [error] 17394#0: *105 open() "/var/www/mailing/www/vncviewer.jar" failed (2: No such file or directory), client: 1.2.3.4, server: XYZ, request: "GET /vncviewer.jar HTTP/1.1", host: "XYZ" |
2014/05/28 21:59:01 [error] 17393#0: *111 "/var/www/mailing/www/Q_Evasive/index.php" is not found (2: No such file or directory), client: 64.39.256.256, server: XYZ, request: "GET /Q_Evasive/ HTTP/1.1", host: "XYZ" | 2014/05/28 21:59:01 [error] 17393#0: *111 "/var/www/mailing/www/Q_Evasive/index.php" is not found (2: No such file or directory), client: 1.2.3.4, server: XYZ, request: "GET /Q_Evasive/ HTTP/1.1", host: "XYZ" |
2014/05/28 21:59:01 [error] 17393#0: *109 open() "/var/www/mailing/www/formmail.html" failed (2: No such file or directory), client: 64.39.256.256, server: XYZ, request: "GET /formmail.html HTTP/1.0", host: "XYZ" | 2014/05/28 21:59:01 [error] 17393#0: *109 open() "/var/www/mailing/www/formmail.html" failed (2: No such file or directory), client: 1.2.3.4, server: XYZ, request: "GET /formmail.html HTTP/1.0", host: "XYZ" |
| |
Create new filter /etc/fail2ban/filter.d/nginx-scan.conf | Create new filter /etc/fail2ban/filter.d/nginx-scan.conf |
maxretry = 240 | maxretry = 240 |
| |
More advanced filters available at [1]. | More advanced filters for Nginx available at [1]. |
| |
Remember to reload rules with | |
| |
fail2ban-client reload | |
| |
[1] [[http://serverfault.com/questions/420895/how-to-use-fail2ban-for-nginx]] | [1] [[http://serverfault.com/questions/420895/how-to-use-fail2ban-for-nginx]] |