Re: how to block 'rogue' attemps from China
Juha Tuuna wrote:
> Thierry Chatelet wrote:
>>> fail2ban?
>> hmm ... looks interesting. What about the cpu usage? My router is an old
>> Debian machine, intel 450 MHz and 375 MB RAM.
>
> I run fail2ban on a 262MHz Amd K6-2 with 48MiB of RAM. Works nicely.
>
Thanks, this is very helpful in fixing some sort of a reference.
I have installed fail2ban and now I am waiting to catch some fish :)
For the Koha log, I get the following typically:
[Mon Oct 06 01:00:03 2008] [error] [client 222.187.221.83] script
'/home/tmpuser/koha/opac/htdocs/prx1.php' not found or unable to stat
[Mon Oct 06 07:59:19 2008] [error] [client 222.187.221.113] script
'/home/tmpuser/koha/opac/htdocs/prx1.php' not found or unable to stat
[Mon Oct 06 12:29:20 2008] [error] [client 221.192.199.36] File does not
exist: /home/tmpuse/koha/opac/htdocs/myproxies
I am using the following stanza for it in my jail file of fail2ban:
[koha]
enabled = true
port = http,https
filter = my-koha.conf
logpath = /home/tmpuser/koha/var/log*error_log
maxretry = 2
with this filter:
failregex = error.*client <HOST>.*script.*not found or unable to stat$
Am I on the right track? (I am not familiar with regexp in Python).
Thanks.
Reply to: