[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to block 'rogue' attemps from China

Juha Tuuna wrote:
> Thierry Chatelet wrote:
>>> fail2ban?
>> hmm ... looks interesting. What about the cpu usage? My router is an old
>> Debian machine, intel 450 MHz and 375 MB RAM.
> 
> I run fail2ban on a 262MHz Amd K6-2 with 48MiB of RAM. Works nicely.
> 

Thanks, this is very helpful in fixing some sort of a reference.

I have installed fail2ban and now I am waiting to catch some fish :)

For the Koha log, I get the following typically:

[Mon Oct 06 01:00:03 2008] [error] [client 222.187.221.83] script
'/home/tmpuser/koha/opac/htdocs/prx1.php' not found or unable to stat
[Mon Oct 06 07:59:19 2008] [error] [client 222.187.221.113] script
'/home/tmpuser/koha/opac/htdocs/prx1.php' not found or unable to stat
[Mon Oct 06 12:29:20 2008] [error] [client 221.192.199.36] File does not
exist: /home/tmpuse/koha/opac/htdocs/myproxies


I am using the following stanza for it in my jail file of fail2ban:
[koha]

enabled = true
port    = http,https
filter  = my-koha.conf
logpath = /home/tmpuser/koha/var/log*error_log
maxretry = 2



with this filter:
failregex = error.*client <HOST>.*script.*not found or unable to stat$


Am I on the right track? (I am not familiar with regexp in Python).

Thanks.
Reply to: