Hi,
I'm trying to harden a web-server. In the logfiles from Apache I see a
number of attempts to get non-existent PHP files, so I used
apache-noscript to try to block the offending IP-address.
The filter fires, but the firewall does not block the IP-address. In
fail2ban's log-file I see a number of "already banned" messages for that
IP-address. I suspect the offender uses a persistent http-connection.
How can I block this attack?
B.T.W. I'm using shorewall as a firewall. I already modified its main
config file to:
BLACKLIST="INVALID,UNTRACKED" (i.e. I removed the NEW keyword).
I did this because the standard config didn't work either.
P.S. Fail2ban version is 0.9.3
TIA,
Koenraad
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users