
Configuring fail2ban

Posted: Sunday 26 February 2012, 5:42
by maidasette
I run a small website, and from the apache2 log I see that I often suffer attacks like these:

Code:

03.151.232.51 - - [25/Feb/2012:10:00:20 +0100] "GET HTTP/1.1 HTTP/1.1" 400 473 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:20 +0100] "GET /index.php HTTP/1.1" 404 467 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:21 +0100] "GET /admin/index.php HTTP/1.1" 404 471 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:22 +0100] "GET /admin/pma/index.php HTTP/1.1" 404 473 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:22 +0100] "GET /admin/phpmyadmin/index.php HTTP/1.1" 404 476 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:23 +0100] "GET /db/index.php HTTP/1.1" 404 469 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:23 +0100] "GET /dbadmin/index.php HTTP/1.1" 404 473 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:24 +0100] "GET /myadmin/index.php HTTP/1.1" 404 473 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:24 +0100] "GET /mysql/index.php HTTP/1.1" 404 471 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:25 +0100] "GET /mysqladmin/index.php HTTP/1.1" 404 475 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:25 +0100] "GET /typo3/phpmyadmin/index.php HTTP/1.1" 404 478 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:26 +0100] "GET /phpadmin/index.php HTTP/1.1" 404 472 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:27 +0100] "GET /phpMyAdmin/index.php HTTP/1.1" 404 475 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:27 +0100] "GET /phpmyadmin/index.php HTTP/1.1" 404 474 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:28 +0100] "GET /phpmyadmin1/index.php HTTP/1.1" 404 475 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:28 +0100] "GET /phpmyadmin2/index.php HTTP/1.1" 404 475 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:29 +0100] "GET /pma/index.php HTTP/1.1" 404 469 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:29 +0100] "GET /web/phpMyAdmin/index.php HTTP/1.1" 404 478 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:30 +0100] "GET /xampp/phpmyadmin/index.php HTTP/1.1" 404 478 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:31 +0100] "GET /web/index.php HTTP/1.1" 404 470 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:31 +0100] "GET /php-my-admin/index.php HTTP/1.1" 404 476 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:32 +0100] "GET /websql/index.php HTTP/1.1" 404 472 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:32 +0100] "GET /phpmyadmin/index.php HTTP/1.1" 404 474 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:33 +0100] "GET /phpMyAdmin/index.php HTTP/1.1" 404 475 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:33 +0100] "GET /phpMyAdmin-2/index.php HTTP/1.1" 404 477 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:34 +0100] "GET /php-my-admin/index.php HTTP/1.1" 404 476 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:35 +0100] "GET /phpMyAdmin-2.2.3/index.php HTTP/1.1" 404 478 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:35 +0100] "GET /phpMyAdmin-2.2.6/index.php HTTP/1.1" 404 479 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:36 +0100] "GET /phpMyAdmin-2.5.1/index.php HTTP/1.1" 404 479 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:36 +0100] "GET /phpMyAdmin-2.5.4/index.php HTTP/1.1" 404 480 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:37 +0100] "GET /phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1" 404 481 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:37 +0100] "GET /phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1" 404 482 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:38 +0100] "GET /phpMyAdmin-2.5.5/index.php HTTP/1.1" 404 479 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:39 +0100] "GET /phpMyAdmin-2.5.5-pl1/index.php HTTP/1.1" 404 481 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:39 +0100] "GET /phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1" 404 482 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:40 +0100] "GET /phpMyAdmin-2.5.6-rc2/index.php HTTP/1.1" 404 483 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:40 +0100] "GET /phpMyAdmin-2.5.6/index.php HTTP/1.1" 404 480 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:41 +0100] "GET /phpMyAdmin-2.5.7/index.php HTTP/1.1" 404 480 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:41 +0100] "GET /phpMyAdmin-2.5.7-pl1/index.php HTTP/1.1" 404 482 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:42 +0100] "GET  HTTP/1.1" 400 301 "-" "-"
I can't manage to configure fail2ban to put the IP the attack comes from in jail.
Thanks for any suggestions

Re: Configuring fail2ban

Posted: Sunday 26 February 2012, 21:34
by Stealth
Have you already seen this guide?
Bye

Re: Configuring fail2ban

Posted: Monday 27 February 2012, 7:01
by maidasette
Not that guide in particular, but I saw that there is an Apache module, mod_security, which I didn't know existed. I'll install it and see whether it solves my problem. Thanks
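
The jailing logic asked about in the first post, sketched as an added example (not code from the thread or from the fail2ban project): a failregex-style pattern that flags 400/404 responses, plus a sliding-window count in the spirit of fail2ban's `maxretry` and `findtime`. The thresholds, the simplified `<HOST>` expansion, the `ts` group and the sample addresses are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Pattern in the style of a fail2ban failregex: <HOST> marks the address to ban.
# The "ts" group and the thresholds are this example's own assumptions.
FAILREGEX = r'^<HOST> \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?:400|404) '
MAXRETRY = 10                      # failures needed inside the window
FINDTIME = timedelta(seconds=60)   # sliding window length
# Simplified stand-in for fail2ban's own <HOST> expansion (IPv4 only).
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))

def parse_failure(line):
    """Return (host, timestamp) if the line is a 400/404 hit, else None."""
    m = PATTERN.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("host"), ts

def hosts_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {host: time of the failure that reached maxretry within findtime}."""
    recent = defaultdict(deque)
    banned = {}
    for line in lines:
        hit = parse_failure(line)
        if hit is None or hit[0] in banned:
            continue
        host, ts = hit
        window = recent[host]
        window.append(ts)
        while ts - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[host] = ts
    return banned

def sample_log():
    """Constructed lines in the same combined-log shape as the scan above."""
    ua = '"-" "Mozilla/5.0"'
    paths = ["/pma", "/phpmyadmin", "/phpMyAdmin", "/mysql", "/db", "/dbadmin",
             "/myadmin", "/websql", "/admin/pma", "/php-my-admin", "/phpadmin"]
    scan = [f'203.0.113.7 - - [25/Feb/2012:10:00:{20 + i:02d} +0100] '
            f'"GET {p}/index.php HTTP/1.1" 404 470 {ua}' for i, p in enumerate(paths)]
    ok = [f'198.51.100.9 - - [25/Feb/2012:10:00:21 +0100] "GET / HTTP/1.1" 200 5120 {ua}',
          f'198.51.100.9 - - [25/Feb/2012:10:05:00 +0100] "GET /old.html HTTP/1.1" 404 300 {ua}']
    return scan + ok
```

A visitor who hits a single dead link stays under the threshold, while a scanner probing one path per second crosses it within seconds; lowering `MAXRETRY` bans sooner at the cost of catching more legitimate 404s.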