Configuring fail2ban

Post by maidasette »

I run a small website, and from the apache2 log I see that I am often hit by attacks like these:

Code:

03.151.232.51 - - [25/Feb/2012:10:00:20 +0100] "GET HTTP/1.1 HTTP/1.1" 400 473 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:20 +0100] "GET /index.php HTTP/1.1" 404 467 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:21 +0100] "GET /admin/index.php HTTP/1.1" 404 471 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:22 +0100] "GET /admin/pma/index.php HTTP/1.1" 404 473 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:22 +0100] "GET /admin/phpmyadmin/index.php HTTP/1.1" 404 476 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:23 +0100] "GET /db/index.php HTTP/1.1" 404 469 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:23 +0100] "GET /dbadmin/index.php HTTP/1.1" 404 473 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:24 +0100] "GET /myadmin/index.php HTTP/1.1" 404 473 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:24 +0100] "GET /mysql/index.php HTTP/1.1" 404 471 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:25 +0100] "GET /mysqladmin/index.php HTTP/1.1" 404 475 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:25 +0100] "GET /typo3/phpmyadmin/index.php HTTP/1.1" 404 478 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:26 +0100] "GET /phpadmin/index.php HTTP/1.1" 404 472 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:27 +0100] "GET /phpMyAdmin/index.php HTTP/1.1" 404 475 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:27 +0100] "GET /phpmyadmin/index.php HTTP/1.1" 404 474 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:28 +0100] "GET /phpmyadmin1/index.php HTTP/1.1" 404 475 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:28 +0100] "GET /phpmyadmin2/index.php HTTP/1.1" 404 475 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:29 +0100] "GET /pma/index.php HTTP/1.1" 404 469 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:29 +0100] "GET /web/phpMyAdmin/index.php HTTP/1.1" 404 478 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:30 +0100] "GET /xampp/phpmyadmin/index.php HTTP/1.1" 404 478 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:31 +0100] "GET /web/index.php HTTP/1.1" 404 470 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:31 +0100] "GET /php-my-admin/index.php HTTP/1.1" 404 476 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:32 +0100] "GET /websql/index.php HTTP/1.1" 404 472 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:32 +0100] "GET /phpmyadmin/index.php HTTP/1.1" 404 474 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:33 +0100] "GET /phpMyAdmin/index.php HTTP/1.1" 404 475 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:33 +0100] "GET /phpMyAdmin-2/index.php HTTP/1.1" 404 477 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:34 +0100] "GET /php-my-admin/index.php HTTP/1.1" 404 476 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:35 +0100] "GET /phpMyAdmin-2.2.3/index.php HTTP/1.1" 404 478 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:35 +0100] "GET /phpMyAdmin-2.2.6/index.php HTTP/1.1" 404 479 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:36 +0100] "GET /phpMyAdmin-2.5.1/index.php HTTP/1.1" 404 479 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:36 +0100] "GET /phpMyAdmin-2.5.4/index.php HTTP/1.1" 404 480 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:37 +0100] "GET /phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1" 404 481 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:37 +0100] "GET /phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1" 404 482 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:38 +0100] "GET /phpMyAdmin-2.5.5/index.php HTTP/1.1" 404 479 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:39 +0100] "GET /phpMyAdmin-2.5.5-pl1/index.php HTTP/1.1" 404 481 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:39 +0100] "GET /phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1" 404 482 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:40 +0100] "GET /phpMyAdmin-2.5.6-rc2/index.php HTTP/1.1" 404 483 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:40 +0100] "GET /phpMyAdmin-2.5.6/index.php HTTP/1.1" 404 480 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:41 +0100] "GET /phpMyAdmin-2.5.7/index.php HTTP/1.1" 404 480 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:41 +0100] "GET /phpMyAdmin-2.5.7-pl1/index.php HTTP/1.1" 404 482 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1"
203.151.232.51 - - [25/Feb/2012:10:00:42 +0100] "GET  HTTP/1.1" 400 301 "-" "-"
I can't manage to configure fail2ban to put the IP the attack comes from in jail.
Thanks for any suggestions

Re: Configuring fail2ban

Post by Stealth »

Have you already seen this guide?
Bye

Re: Configuring fail2ban

Post by maidasette »

Not that guide in particular, no, but I saw that there is an Apache module, mod_security, which I didn't know existed; I'll install it and see whether it solves my problem. Thanks
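
Added example, not part of the thread and not fail2ban's own code: a Python sketch of the detection a fail2ban jail would apply to an access log like the one in the first post, counting 400/404 responses per client IP inside a time window. The function name, the thresholds and the sample lines (documentation-range IPs) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Start of an Apache combined-log line. A fail2ban filter expresses the same
# idea as a failregex, with <HOST> in place of the IP group.
LINE_RE = re.compile(
    r'^(?P<host>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ '
    r'\[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)
FAIL_STATUSES = {"400", "404"}  # the statuses seen in the thread's log

def offenders(lines, maxretry=5, findtime=60):
    """Return IPs with at least `maxretry` failing requests within
    `findtime` seconds (parameter names mirror fail2ban's jail options;
    the values are assumptions)."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] not in FAIL_STATUSES:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["host"]]
        hits.append(ts)
        while ts - hits[0] > window:   # forget failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry and m["host"] not in flagged:
            flagged.append(m["host"])
    return flagged

# Constructed sample log lines (not taken from the thread).
def _line(ip, hms, req, status):
    return f'{ip} - - [25/Feb/2012:{hms} +0100] "{req}" {status} 470 "-" "-"'

SAMPLE = (
    # scanner: five admin-panel probes in five seconds, then a malformed request
    [_line("198.51.100.7", f"10:00:{20 + i:02d}", f"GET /{p}/index.php HTTP/1.1", 404)
     for i, p in enumerate(["admin", "pma", "phpmyadmin", "mysql", "dbadmin"])]
    + [_line("198.51.100.7", "10:00:26", "GET  HTTP/1.1", 400)]
    # ordinary visitor: one page hit and one missing favicon
    + [_line("203.0.113.9", "10:00:21", "GET / HTTP/1.1", 200),
       _line("203.0.113.9", "10:00:22", "GET /favicon.ico HTTP/1.1", 404)]
    # stale bookmark: five 404s, but one per hour
    + [_line("192.0.2.44", f"1{i}:00:00", "GET /old-page HTTP/1.1", 404)
       for i in range(5)]
)

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

Only the scanner crosses the threshold: the visitor with a single 404 and the client whose five 404s are an hour apart stay below it, which is the false-positive trade-off to weigh when choosing the two values.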