Block IPs if they access a resource

apache-2.2 iptables block attacks

I own a server that it's costantly being attacked by scripts (that try to access to phpMyAdmin's setup file's and stuff like this). I've heard that many people get this kinds of attacks, but I'm starting to worry since they are getting more common (last month I got 2 attacks, and on november 7th there are 3 attempts already (1st, 4th and 6th of nov).

I'm not really concerned about it, since I don't have any database. All the info i have on that server is absolutely public, but I'm worried about that attacking-rate increase.

So I thought I could -temporarily- block the IPs that come from those attackers, or something that could make my server ignore requests that ask for phpMyAdmin, pma, xamp, etc.

Is there something like that? my server is Linux+Apache+Php


Solution 1:

There's a program called fail2ban which is designed to watch a log file for text matching a regexp - usually signatures of a failed login, or script attack - and block the requesting IP for a configurable period of time via iptables rules.

Given that their main page explicitly mentions watching an apache logfile, then provided you can say exactly what the log signature of one of these "attacks" looks like, I suspect this might be just the sort of thing you're looking for.

Related

Conditionnal relay in postfix
User Specific Php.ini When php is ran as a module?
anti-virus / malware solution for small non-profit network [closed]
100% disk full on Centos?
Ansible playbook not working trying to run patch
VMware NIC Teaming - How to gain more than 1Gbit/s copy speed between two VMs?
Unable to install an OS on Mac (prohibited sign)
Disk Images no longer show up in Finder's Sidebar
How do I find out word count in pages 5.2.2
Recovering the ability to install an iOS app from macOS
Turn off USB power on OS X/Mac Mini
Keyboard shortcut for jumping directly to a specific input method