How to properly configure fail2ban to ban IP if it is accessing some wrong files

fail2ban

Solution 1:

You need to tell fail2ban (via the regex) where in the log entry it will find a <HOST> so that it can then ban that host. For a normal access log that would be at the beginning of the line so

<HOST> -.*(w00tw00t|main.php|setup.php)

would work but may not do exactly what you want as it would match the relevant triggers anywhere in the log entry.

You may want to try something like

<HOST> -.*(/w00tw00t|/main.php |setup.php )

which should tie some of the strings down to more specific locations

Related

Does CoreOS have a cluster aware job scheduler?
Using more advanced filters with ansible setup module
Windows Server Backup Fails: There is not enough disk space to create the volume shadow copy...
MySQL remote connection - Access denied for user 'username'@'localhost' (using password: YES)
Getting a chunked request through nginx
Is it possible to reduce NodeJS memory usage (e.g., Ghost blogging platform)
Adding a self-signed cert to the trusted certs within cURL in Windows?
Limit Authentication to specific username in Nginx
Getting Cisco UCS Server's CPU Serial Numbers
Expect script error send: Spawn id exp4 not open while executing
Linux ZFS does not buffer writes to write buffer (SLOG/ZIL)?
CentOS port forwarding not working