Hi,

I just looked at the logs again. I thought that the problem was a persistent html connection, but now I'm not sure.

[Wed Nov 28 07:30:42.164794 2018] [:error] [pid 7173] [client 222.240.166.58:57396] script '/var/www/html/x.php' not found or unable to stat
[Wed Nov 28 07:30:42.604001 2018] [:error] [pid 7175] [client 222.240.166.58:3854] script '/var/www/html/htfr.php' not found or unable to stat

These are two consecutive lines. I can see that the originating port changes, but based on the timestamp, the IP address should already be banned:

2018-11-28 07:29:55,333 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:55,592 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:55,852 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:56,126 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:56,381 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:56,646 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:56,911 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:57,061 fail2ban.actions        [1508]: NOTICE [apache-noscript] Ban 222.240.166.58
2018-11-28 07:29:57,174 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:57,435 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:57,699 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:57,956 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:58,210 fail2ban.filter         [1508]: INFO [apache-noscript] Found 222.240.166.58
2018-11-28 07:29:58,296 fail2ban.actions        [1508]: NOTICE [apache-noscript] 222.240.166.58 already banned

iptables -L gives this for the banned IPs:

Chain dynamic (1 references)
target     prot opt source               destination
reject     all  --  58.218.198.169       anywhere
drop    all  --  222.240.166.58       anywhere
drop    all  --  60.146.175.59.broad.wh.hb.dynamic.163data.com.cn anywhere

Any thoughts?

Koenraad.



_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
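
An added example, not part of the original message: a small Python script that performs the timestamp comparison described above, listing requests Apache logged from an address while fail2ban considered it banned. The sample logs are constructed in the two formats quoted in the message (192.0.2.10 is a documentation address), the function names are hypothetical, and both logs are assumed to use the same clock and time zone.

```python
import re
from datetime import datetime
# Constructed sample logs in the two quoted formats; both are assumed to share one clock/time zone.
F2B_LOG = """\
2018-11-28 07:29:56,911 fail2ban.filter         [1508]: INFO [apache-noscript] Found 192.0.2.10
2018-11-28 07:29:57,061 fail2ban.actions        [1508]: NOTICE [apache-noscript] Ban 192.0.2.10
2018-11-28 07:29:58,296 fail2ban.actions        [1508]: NOTICE [apache-noscript] 192.0.2.10 already banned
2018-11-28 07:39:57,100 fail2ban.actions        [1508]: NOTICE [apache-noscript] Unban 192.0.2.10
"""
APACHE_LOG = """\
[Wed Nov 28 07:29:56.640000 2018] [:error] [pid 7173] [client 192.0.2.10:57001] script '/var/www/html/a.php' not found or unable to stat
[Wed Nov 28 07:30:42.164794 2018] [:error] [pid 7173] [client 192.0.2.10:57396] script '/var/www/html/b.php' not found or unable to stat
[Wed Nov 28 07:30:42.604001 2018] [:error] [pid 7175] [client 192.0.2.10:3854] script '/var/www/html/c.php' not found or unable to stat
[Wed Nov 28 07:45:00.000000 2018] [:error] [pid 7175] [client 192.0.2.10:4000] script '/var/www/html/d.php' not found or unable to stat
"""
ACTION_RE = re.compile(r"^(\S+ \S+) fail2ban\.actions\s+\[\d+\]: NOTICE\s+\[([^\]]+)\] (Ban|Unban) (\S+)\s*$")
APACHE_RE = re.compile(r"^\[([^\]]+)\] \[[^\]]*\] \[pid \d+\] \[client ([^\]]+):(\d+)\] (.*)$")

def ban_windows(f2b_text):
    """Return {ip: [[ban_time, unban_time_or_None], ...]} from fail2ban.actions lines."""
    windows = {}
    for line in f2b_text.splitlines():
        m = ACTION_RE.match(line)
        if not m:
            continue  # "Found" and "already banned" lines do not change ban state
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        spans = windows.setdefault(m.group(4), [])
        if m.group(3) == "Ban":
            spans.append([when, None])
        elif spans and spans[-1][1] is None:
            spans[-1][1] = when  # Unban closes the most recent open window
    return windows

def hits_while_banned(apache_text, windows):
    """Return (ip, source_port, seconds_after_ban) for requests logged inside a ban window."""
    hits = []
    for line in apache_text.splitlines():
        m = APACHE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S.%f %Y")
        for start, end in windows.get(m.group(2), []):
            if start <= when and (end is None or when < end):
                delay = round((when - start).total_seconds(), 3)
                hits.append((m.group(2), int(m.group(3)), delay))
    return hits

if __name__ == "__main__":
    for ip, port, delay in hits_while_banned(APACHE_LOG, ban_windows(F2B_LOG)):
        print(f"{ip}:{port} logged by Apache {delay}s after Ban")
```

A non-empty result confirms that Apache handled requests from the address inside the ban window; it does not by itself say why.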