CentOS

The Community ENTerprise Operating System
https://forums.centos.org/

URL's probing on my server

https://forums.centos.org/viewtopic.php?f=51&t=69552

Page 1 of 1

URL's probing on my server

Posted: 2019/01/30 10:10:53
by rob_imp
Hi guys,

Is it possible to count number of attempts and then blick IP in case if from this address someone was probing multiple filenames (404)
which is suggesting someone is trying to find a way to break in. It ended up with 404'a but it is annoying and slowing down my system.
So something like if there is a request from certain ip and number of 404 is higher than ..... block ip or at least sending up an email to let me know that there is something going on and then I can make a decision what to do with it ?

regards
Rob

Re: URL's probing on my server

Posted: 2019/01/30 10:53:18
by TrevorH
Sounds like a job for fail2ban to me.

Re: URL's probing on my server

Posted: 2019/01/30 11:09:24
by rob_imp
Hello TrevorH,

I've never used fail2ban to sort it out would you provide some example or eventually some personal experience in this matter please

Re: URL's probing on my server

Posted: 2019/01/30 16:52:25
by TrevorH
Not me, I've never used it but I know what it does. It searches log files for patterns that match and then takes action depending on those. Usually used for banning offending ip addresses via iptables for skript kiddies trying to break into a system via ssh or http.

Re: URL's probing on my server

Posted: 2019/01/30 17:37:58
by rob_imp
Oh well, but at least I have some idea how to :P Thanx Trevor
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited