So I periodically get bot activity that searches for common PHP script files. Here is a sample of the Apache error log.
[Tue May 21 12:21:16.739583 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/Appdd07f232.php' $
[Tue May 21 12:21:18.261379 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/help.php' not fou$
[Tue May 21 12:21:20.437945 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/java.php' not fou$
[Tue May 21 12:21:24.447628 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/_query.php' not f$
[Tue May 21 12:21:24.817496 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/test.php' not fou$
[Tue May 21 12:21:28.447020 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/db_cts.php' not f$
[Tue May 21 12:21:28.874292 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/db_pma.php' not f$
[Tue May 21 12:21:32.448169 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/logon.php' not fo$
[Tue May 21 12:21:36.484721 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/help-e.php' not f$
[Tue May 21 12:21:37.499951 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/license.php' not $
[Tue May 21 12:21:44.479297 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/hell.php' not fou$
[Tue May 21 12:21:44.837493 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/pmd_online.php' n$
[Tue May 21 12:21:45.195252 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/x.php' not found $
[Tue May 21 12:21:45.586476 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/shell.php' not fo$
[Tue May 21 12:21:48.477513 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/htdocs.php' not f$
[Tue May 21 12:21:49.446109 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/b.php' not found $
[Tue May 21 12:21:51.232649 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/sane.php' not fou$
[Tue May 21 12:21:52.474625 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/desktop.ini.php' $
[Tue May 21 12:21:52.816104 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/z.php' not found $
[Tue May 21 12:21:53.177501 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/lala.php' not fou$
[Tue May 21 12:21:53.534849 2019] [:error] [pid 6677] [client 47.101.215.255:37600] script '/var/www/lala-dpr.php' not$
The relevant part of my /etc/fail2ban/jail.local looks like this.
[apache-noscript]
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 3
findtime = 7
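Judging by the timestamps, there seem to be more than the maxretry of 3 within 7 seconds, although for different URLs. Is maxretry counted for the SAME URL, or for any noscript hit (i.e. a 404 condition)? I don't know where to configure this.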
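
A simplified model of the counting the question asks about, added here as an example (it is not fail2ban's code and not part of the original post). It assumes failures are tallied per client address regardless of which script was requested, and that the threshold is met once `maxretry` matching lines fall within `findtime` seconds; the log lines, addresses and the `LINE` pattern are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in the same Apache 2.4 error-log shape as the excerpt;
# 203.0.113.7 and 198.51.100.9 are documentation addresses, not from the page.
SAMPLE = """\
[Tue May 21 12:21:16.739583 2019] [:error] [pid 6677] [client 203.0.113.7:37600] script '/var/www/help.php' not found or unable to stat
[Tue May 21 12:21:17.100000 2019] [:error] [pid 6677] [client 198.51.100.9:40112] script '/var/www/x.php' not found or unable to stat
[Tue May 21 12:21:18.261379 2019] [:error] [pid 6677] [client 203.0.113.7:37600] script '/var/www/java.php' not found or unable to stat
[Tue May 21 12:21:20.437945 2019] [:error] [pid 6677] [client 203.0.113.7:37600] script '/var/www/test.php' not found or unable to stat
[Tue May 21 12:21:30.000000 2019] [:error] [pid 6677] [client 198.51.100.9:40112] script '/var/www/x.php' not found or unable to stat
[Tue May 21 12:21:45.000000 2019] [:error] [pid 6677] [client 198.51.100.9:40112] script '/var/www/x.php' not found or unable to stat
""".splitlines()

# Hypothetical pattern for this example only; it is not the apache-noscript filter.
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]*error\] \[pid \d+\] "
    r"\[client (?P<ip>\S+):\d+\] script '(?P<path>[^']+)' not found"
)

def first_trigger(lines, maxretry=3, findtime=7):
    """Map each client IP to (time its count reached maxretry, scripts in the window)."""
    window = defaultdict(deque)   # per-IP (timestamp, path) pairs inside findtime
    hits = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # lines the pattern does not match are never counted
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        q = window[m["ip"]]
        q.append((ts, m["path"]))
        while ts - q[0][0] > timedelta(seconds=findtime):
            q.popleft()           # forget failures older than findtime
        if len(q) >= maxretry and m["ip"] not in hits:
            hits[m["ip"]] = (ts, sorted({p for _, p in q}))
    return hits

if __name__ == "__main__":
    for ip, (ts, paths) in first_trigger(SAMPLE).items():
        print(f"{ip} reached maxretry at {ts} across {len(paths)} different scripts")
```

In this model the client requesting three different scripts within four seconds reaches the threshold, while the client repeating one script at 13 to 15 second intervals never does.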