Gordon: "If you're interested...."
For sure I am. I'm interested in tools to use for blocking certain bad activities on the server. This is what I want to get rid of:
203.211.140.185 - - [17/Apr/2012:18:09:55 +0200] "GET /muieblackcat HTTP/1.1" 404 469 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:09:55 +0200] "GET //index.php HTTP/1.1" 404 466 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:09:56 +0200] "GET //admin/index.php HTTP/1.1" 200 4563 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:09:57 +0200] "GET //admin/pma/index.php HTTP/1.1" 404 617 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:09:58 +0200] "GET //admin/phpmyadmin/index.php HTTP/1.1" 404 617 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:09:58 +0200] "GET //db/index.php HTTP/1.1" 404 469 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:09:59 +0200] "GET //dbadmin/index.php HTTP/1.1" 404 472 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:00 +0200] "GET //myadmin/index.php HTTP/1.1" 404 472 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:01 +0200] "GET //mysql/index.php HTTP/1.1" 404 472 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:01 +0200] "GET //mysqladmin/index.php HTTP/1.1" 404 475 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:02 +0200] "GET //typo3/phpmyadmin/index.php HTTP/1.1" 404 478 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:03 +0200] "GET //phpadmin/index.php HTTP/1.1" 404 472 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:03 +0200] "GET //phpMyAdmin/index.php HTTP/1.1" 404 474 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:04 +0200] "GET //phpmyadmin/index.php HTTP/1.1" 404 473 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:05 +0200] "GET //phpmyadmin1/index.php HTTP/1.1" 404 474 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:06 +0200] "GET //phpmyadmin2/index.php HTTP/1.1" 404 474 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:06 +0200] "GET //pma/index.php HTTP/1.1" 404 470 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:07 +0200] "GET //web/phpMyAdmin/index.php HTTP/1.1" 404 477 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:08 +0200] "GET //xampp/phpmyadmin/index.php HTTP/1.1" 404 478 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:08 +0200] "GET //web/index.php HTTP/1.1" 404 469 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:09 +0200] "GET //php-my-admin/index.php HTTP/1.1" 404 475 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:10 +0200] "GET //websql/index.php HTTP/1.1" 404 472 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:11 +0200] "GET //phpmyadmin/index.php HTTP/1.1" 404 473 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:11 +0200] "GET //phpMyAdmin/index.php HTTP/1.1" 404 474 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:12 +0200] "GET //phpMyAdmin-2/index.php HTTP/1.1" 404 476 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:13 +0200] "GET //php-my-admin/index.php HTTP/1.1" 404 475 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:13 +0200] "GET //phpMyAdmin-2.2.3/index.php HTTP/1.1" 404 476 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:14 +0200] "GET //phpMyAdmin-2.2.6/index.php HTTP/1.1" 404 478 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:15 +0200] "GET //phpMyAdmin-2.5.1/index.php HTTP/1.1" 404 479 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:16 +0200] "GET //phpMyAdmin-2.5.4/index.php HTTP/1.1" 404 479 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:16 +0200] "GET //phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1" 404 482 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:17 +0200] "GET //phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1" 404 482 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:18 +0200] "GET //phpMyAdmin-2.5.5/index.php HTTP/1.1" 404 479 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:19 +0200] "GET //phpMyAdmin-2.5.5-pl1/index.php HTTP/1.1" 404 482 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:19 +0200] "GET //phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1" 404 482 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:20 +0200] "GET //phpMyAdmin-2.5.6-rc2/index.php HTTP/1.1" 404 482 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:21 +0200] "GET //phpMyAdmin-2.5.6/index.php HTTP/1.1" 404 479 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:21 +0200] "GET //phpMyAdmin-2.5.7/index.php HTTP/1.1" 404 479 "-" "-"
203.211.140.185 - - [17/Apr/2012:18:10:22 +0200] "GET //phpMyAdmin-2.5.7-pl1/index.php HTTP/1.1" 404 482 "-" "-"
Fail2ban just doesn't ban anything. It says that "If time reference is not the same everywhere, then fail2ban won't ban any IP!"
Logs have to be synchronized:
http://www.fail2ban.org/wiki/index.php/FAQ_english
I just don't know how to synchronize them if that's the problem.
I was curious to know if anybody had fail2ban running. Mine is running but it doesn't do the job.
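
Added example, not part of the original post and not fail2ban's own code: a simplified Python model of a findtime/maxretry check over Apache log lines shaped like the ones above, showing how a clock that disagrees with the log timestamps makes every entry look too old to count. The sample lines, the address 203.0.113.7, the threshold values and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample in the same Apache log shape as the post
# (203.0.113.7 is a documentation address, not the one in the post).
PATHS = ["/muieblackcat", "//index.php", "//admin/pma/index.php",
         "//db/index.php", "//dbadmin/index.php", "//myadmin/index.php"]
SAMPLE = [
    f'203.0.113.7 - - [17/Apr/2012:18:09:{10 + i:02d} +0200] "GET {path} HTTP/1.1" 404 469 "-" "-"'
    for i, path in enumerate(PATHS)
]
SAMPLE.append('203.0.113.7 - - [17/Apr/2012:18:09:16 +0200] '
              '"GET //admin/index.php HTTP/1.1" 200 4563 "-" "-"')

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, timezone-aware timestamp, status) or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), when, int(m.group(3))

def newest_entry_age(lines, now):
    """How old the newest log entry looks to the clock doing the reading."""
    return now - max(p[1] for p in map(parse, lines) if p)

def would_ban(lines, now, findtime=timedelta(minutes=10), maxretry=5):
    """IPs with at least maxretry 404s no older than findtime, judged against `now`."""
    hits = Counter()
    for ip, when, status in filter(None, map(parse, lines)):
        if status == 404 and now - when <= findtime:
            hits[ip] += 1
    return {ip for ip, n in hits.items() if n >= maxretry}

# Clock that agrees with the log writer, and one running two hours ahead of it.
WRITER_NOW = datetime(2012, 4, 17, 18, 10, 0, tzinfo=timezone(timedelta(hours=2)))
SKEWED_NOW = WRITER_NOW + timedelta(hours=2)

if __name__ == "__main__":
    for label, now in (("in sync", WRITER_NOW), ("skewed", SKEWED_NOW)):
        print(label, "newest entry age:", newest_entry_age(SAMPLE, now),
              "banned:", sorted(would_ban(SAMPLE, now)))
```

On a busy log, a newest-entry age far larger than the time since the last request points to a time-reference mismatch between whatever writes the log and the machine reading it.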