Fail2ban rules for Nginx and phpmyadmin?

Events happening in the community are now at Drupal community events on www.drupal.org.
Posted by superfedya on August 24, 2012 at 5:22pm

Hi,

Maybe somebody have the fail2ban rules for nginx and phpmyadmin?
To prevent brute force attack on phpmyadmin.

Apache kind of rules doesn't works on nginx:
http://www.foosel.org/blog/2008/04/banning_phpmyadmin_bots_using_fail2ban

Thanks

Categories: , ,

Comments

nginx sends 404s to the

Posted by brianmercer on August 24, 2012 at 6:25pm

nginx sends 404s to the access.log file and not the error.log file, so fail2ban would have to scan the access.log.

Then you'd have to change the failregex to pick out the lines with 404 status, something like: ^\"GET /(?:%(badadmin)) HTTP/1.+\" 404$ though I'm not sure exactly how that fail2ban regex is formatted.

I just saw this workaround

Posted by brianmercer on August 25, 2012 at 4:22am

I just saw this workaround for sending 404s to a separate file:
http://forum.nginx.org/read.php?2,230087

I would use

Posted by perusio on August 30, 2012 at 12:07am

the embedded Lua module to handle that properly. I wouldn't rely on the logs. I'll do it upfront probably using Redis for the persistence layer. Scanning the logs is a polling system, which it goes against the desired effect which should be event based IMO.

Nginx

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

AltStyle によって変換されたページ (->オリジナル) /