SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free.
PHP MySQL admin tools
/etc/fail2ban/filter.d/phpmyadmin.conf
:
# Fail2Ban configuration file
#
# Check Apache logs for attempts to access PHP admin tools
#
[Definition]
# Option: failregex
# Notes.: regex to match the 404'ed PMA file in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main|scripts/setup)\.php.*".*404.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Edit /etc/fail2ban/jail.conf
and add:
# This jail blocks phpmyadmin probes
[phpmyadmin]
enabled = true
filter = phpmyadmin
action = iptables-allports[name=pma]
logpath = /path/to/apache/logfile
bantime = -1
maxretry = 1
- Log in to post comments