Notes on some fail2ban patterns to watch apache logs for suspicious activity.
Install in the directory path indicated by the folder structure.
With recent versions of fail2ban, these files can just be added alongsite your existing settings without conflict. Older ones may require you to merge the jail.d settings with a jail.local file
NOTE: I am using scans of apace ACCESS logs, and may be using extended log format - thus the regexps may need to differ. This is unpredictable, and probably why there are so few shared examples out there. You may be expected to modify these to your own needs.
.dan. 2014-10
- https://github.com/miniwark/miniwark-howtos/wiki/Fail2Ban-setup-for-Apache
- http://drupal.org/project/fail2ban
- http://www.foosel.org/blog/2008/04/banning_phpmyadmin_bots_using_fail2ban
- http://www.fail2ban.org/wiki/index.php/HOWTO_apache_myadmin_filter
See the fail2ban-regex utility.