phpMyAdmin installation

toukie
Posts: 115
Joined: 13 Jan 2012, 12:22

Re: phpMyAdmin installation

Post by toukie »

I know, it is probably somewhat stupid. I picked it up from someone, -1 means forever. How should it be written to ban only those looking for phpMyAdmin?
RandomUsername
Posts: 904
Joined: 09 Oct 2009, 18:49

Re: phpMyAdmin installation

Post by RandomUsername »

Put this in a file in filter.d:

Code:

[Definition]

failregex = ^<HOST> .*"GET \/.*?phpmyadmin.*?"
            ^<HOST> .*"GET \/.*?phpMyAdmin.*?"
            ^<HOST> .*"POST \/.*?phpmyadmin.*?"
            ^<HOST> .*"POST \/.*?phpMyAdmin.*?"


ignoreregex =

Put this in jail.local to ban the buggers for a month:

Code:

[apache-phpmyadmin]

enabled = true
port = http,https
filter = apache-phpmyadmin
logpath = /var/log/apache*/*access.log
maxretry = 0
bantime = 2419200
RandomUsername
Posts: 904
Joined: 09 Oct 2009, 18:49

Re: phpMyAdmin installation

Post by RandomUsername »

Also, there's a setting in jail.local that will exclude certain IP addresses from being blocked. I have my local network subnet and work IP addresses added to it so I can't accidentally block myself out.

Also also, this might be more sensible for your 404 settings:

Code:

[apache-404]

enabled = true
port = http,https
filter = apache-404
logpath = /var/log/apache*/*access.log
findtime = 600
maxretry = 5
bantime = 86400

Further, anyone implementing fail2ban on a bubba needs to be aware of this problem: http://forum.excito.net/viewtopic.php?f ... les#p21367

Have you done anything to work around this or do you have a static address?
toukie
Posts: 115
Joined: 13 Jan 2012, 12:22

Re: phpMyAdmin installation

Post by toukie »

I have a static address. I used Fail2ban against SSH abuse and it populated the jail beautifully, so it worked just fine. In fact I use SSH now only locally so Fail2ban has been mostly idle since I closed port 22.

I changed to the new config and restarted Fail2ban. I'll see how many flies it will catch.

To avoid getting blocked myself I have:

ignoreip = 127.0.0.1
bantime = -1
maxretry = 3

I think this was default in /jail.local

I don't know how to write in the local network subnet. To block out oneself is a nasty experience. I moved from DenyHosts to Fail2ban after some such trouble.

Thx for the advice!
RandomUsername
Posts: 904
Joined: 09 Oct 2009, 18:49

Re: phpMyAdmin installation

Post by RandomUsername »

In the ignore IP setting just add the CIDR address for your network (default on bubba is 192.168.10.0/24 I think).
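An added example, not part of any post in this thread: a dry run of the filter and the ignoreip setting discussed above, over constructed access-log lines. The `HOST` pattern is a simplified stand-in for fail2ban's `<HOST>` tag, and the `TIGHT` pattern, the log lines and the function name are assumptions made for the example.

```python
import ipaddress
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real tag also accepts IPv6 addresses and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The four failregex lines as posted in the thread.
THREAD = [r'^<HOST> .*"GET \/.*?phpmyadmin.*?"',
          r'^<HOST> .*"GET \/.*?phpMyAdmin.*?"',
          r'^<HOST> .*"POST \/.*?phpmyadmin.*?"',
          r'^<HOST> .*"POST \/.*?phpMyAdmin.*?"']

# Hypothetical tightened variant for this example: the match must stay
# inside the request path, so Referer and User-Agent text cannot trigger it.
TIGHT = [r'^<HOST> \S+ \S+ \[[^\]]*\] "(?:GET|POST) \/[^" ]*(?:phpmyadmin|phpMyAdmin)']

# Constructed log lines (Apache combined format, documentation IP ranges).
LOG = [
    '203.0.113.7 - - [01/Mar/2012:10:00:00 +0100] "GET /phpmyadmin/index.php HTTP/1.1" 404 210 "-" "scanner"',
    '198.51.100.9 - - [01/Mar/2012:10:00:05 +0100] "POST /db/phpMyAdmin/setup.php HTTP/1.1" 404 210 "-" "scanner"',
    # Ordinary page view whose Referer merely contains the word phpmyadmin.
    '192.0.2.44 - - [01/Mar/2012:10:01:00 +0100] "GET /index.html HTTP/1.1" 200 512 "http://example.org/phpmyadmin-howto" "browser"',
    # Admin on the LAN opening the real phpMyAdmin.
    '192.168.10.20 - - [01/Mar/2012:10:02:00 +0100] "GET /phpmyadmin/ HTTP/1.1" 200 900 "-" "browser"',
]

# Loopback plus the LAN subnet mentioned in the thread as the bubba default.
IGNOREIP = "127.0.0.1/8 192.168.10.0/24"

def hosts_to_ban(lines, failregex, ignoreip):
    """Return hosts matched by any failregex and not covered by ignoreip."""
    compiled = [re.compile(r.replace("<HOST>", HOST)) for r in failregex]
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip.split()]
    banned = []
    for line in lines:
        m = next((m for m in (c.search(line) for c in compiled) if m), None)
        if m is None:
            continue
        host = m.group("host")
        if host in banned or any(ipaddress.ip_address(host) in n for n in ignored):
            continue
        banned.append(host)
    return banned

if __name__ == "__main__":
    print("as posted:", hosts_to_ban(LOG, THREAD, IGNOREIP))
    print("tightened:", hosts_to_ban(LOG, TIGHT, IGNOREIP))
```

With the patterns as posted, the visitor at 192.0.2.44 is banned on the strength of a Referer string alone; with only 127.0.0.1 in ignoreip, the LAN admin at 192.168.10.20 is banned as well.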