Fail2Ban more skript kiddies poking 404 files

I review my web server logs pretty regularly, and there’s a pattern of 404’s I’ve seen recently that I haven’t been blocking up until now: searching each directory for ‘contact.php’ or ‘setup.php’ — the latter often searching for every variety of phpMyAdmin. I don’t have PMA on my machine, but I’d sure make sure I read all the instructions and removed setup.php if I had! (And you should, too!) I found this link that adds a simple test and rules using Fail2Ban to temporarily banning sites that hit too many 404’s too fast. I’ll have to see if this bonks too many search engines.

http://www.barbarycodes.com/2010/10/06/automated-banning-of-script-kiddies-with-fail2ban/

, , , , , ,

No comments yet.

Leave a Reply

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.