[GUIDE] How-to Use Fail2Ban to block bots phpMyAdmin etc

Reported by: Chris
Created: 11 months 18 days ago
Views: 1206

Hi All,

In recent days I noticed this in my log file.

Of course I want to expose the malicious IP and so forth, but I noticed this "scumbag" would not stop anytime soon, so I came up with the following solution:

Add/edit /etc/fail2ban/filter.d/apache-antibot.conf

[Definition]

# change badurls to fit your taste and needs; these are the more common ones
badurls = myadmin|phpadmin|sql|webdb|wp-login\.php|soapCaller|manager|setup\.php|pma|status|admin\.php|phpmyadmin\.php|pma\.php|PMA|phpmyadmin|myadmin|mysql|mysqladmin|sqladmin|mypma|admin|xampp|mysqldb|mydb|db|pmadb|phpmyadmin1|phpmyadmin2|administrator|database|sql|phpMyAdmin|MyAdmin|dbadmin|php-myadmin|phpmy-admin|phpmyAdmin

# (?i) sits at the very start of each pattern: Python 3.11+ rejects inline flags placed after ^
failregex = (?i)^<HOST> .* "(GET|POST|HEAD) .*(%(badurls)s).* HTTP.*" (403|404) .*$
            (?i)^<HOST> .* "(GET|POST|HEAD) / HTTP.*" (403|404) .*$

ignoreregex =

Add/edit /etc/fail2ban/jail.conf

NOTE: * in the logpath includes all domains within tinycp, hence if "" changes to a different domain, it will still get denied access to the server.

The above filter plus the existing recidive.conf will eradicate the scumbag.

Hope this helps someone out there.
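
An offline check of the filter above against sample log lines, worth running before the jail is enabled; this is an added example, not part of the original post. The badurls list is shortened, the log lines are constructed, and the `<HOST>` tag is approximated with an IPv4-only group (fail2ban's own expansion is broader).

```python
import re

# badurls shortened from the filter above (constructed subset for the demo).
BADURLS = r"myadmin|phpadmin|sql|wp-login\.php|setup\.php|pma|status|admin|db|phpmyadmin"

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

FAILREGEX = [
    r'(?i)^<HOST> .* "(GET|POST|HEAD) .*(%(badurls)s).* HTTP.*" (403|404) .*$',
    r'(?i)^<HOST> .* "(GET|POST|HEAD) / HTTP.*" (403|404) .*$',
]

def compile_rules(rules=FAILREGEX, badurls=BADURLS):
    """Expand %(badurls)s and <HOST>, then compile each failregex line."""
    return [re.compile(r.replace("%(badurls)s", badurls).replace("<HOST>", HOST))
            for r in rules]

def offenders(lines, rules=None):
    """Return {ip: hit_count} for lines that any failregex matches."""
    rules = rules or compile_rules()
    hits = {}
    for line in lines:
        for rx in rules:
            m = rx.match(line)
            if m:
                hits[m.group("host")] = hits.get(m.group("host"), 0) + 1
                break
    return hits

# Constructed Apache combined-log lines (documentation IP ranges).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 404 196 "-" "-"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /pma/setup.php HTTP/1.1" 404 196 "-" "-"',
    # scanner request answered with 200: not counted, the rule needs 403/404
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "-"',
    # ordinary visitor, broken link containing "admin": counted (false positive)
    '198.51.100.20 - - [10/Oct/2023:14:01:02 +0000] "GET /img/admin-guide.png HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    # ordinary 404 without any badurls term: not counted
    '198.51.100.21 - - [10/Oct/2023:14:02:00 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, n in offenders(SAMPLE).items():
        print(ip, n)
```

On a live host, `fail2ban-regex <logfile> /etc/fail2ban/filter.d/apache-antibot.conf` performs the same kind of check with fail2ban's real parser; short terms such as `db` or `admin` are the ones most likely to catch ordinary visitors.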

