On Wed, 2011-08-31 at 11:16 -0400, m.r...@5-cent.us wrote: > Maybe not, for a small website. However, let me re-suggest fail2ban, with > three lines from one of our config files: > failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/c > onfig\.inc|main)\.php.*".*404.* > ^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.* > ^<HOST> -.*"GET /w00tw00t\.at
Mark, Looking at your example seems to suggest Fail2Ban is an 'after the event' response. I would like to implement 'before the event' filtering which prevents, even on the first detected hacking attempt, anything reaching HTTPD. Paul. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
