How to block these?

anewday

Well-Known Member
#1
I see a ton of these entries in the error_log from different IPs but they don't appear on the domain access logs. It doesn't show any specific vhost. :confused:

Code:
2010-08-05 21:13:18.275	INFO	[200.111.13.242:23166-68#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.5.7/scripts/setup.php]
2010-08-05 21:13:18.313	INFO	[200.111.13.242:26240-80#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.0-rc3/scripts/setup.php]
2010-08-05 21:13:18.499	INFO	[200.111.13.242:23166-69#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.5.8/scripts/setup.php]
2010-08-05 21:13:18.509	INFO	[200.111.13.242:26240-81#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.0/scripts/setup.php]
2010-08-05 21:13:18.724	INFO	[200.111.13.242:26240-82#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.1-pl1/scripts/setup.php]
2010-08-05 21:13:18.726	INFO	[200.111.13.242:23166-70#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.5.9/scripts/setup.php]
2010-08-05 21:13:18.914	INFO	[200.111.13.242:26240-83#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.1-pl2/scripts/setup.php]
2010-08-05 21:13:18.955	INFO	[200.111.13.242:23166-71#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.0-alpha/scripts/setup.php]
2010-08-05 21:13:19.099	INFO	[200.111.13.242:26240-84#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.1-pl3/scripts/setup.php]
2010-08-05 21:13:19.176	INFO	[200.111.13.242:23166-72#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.0-alpha2/scripts/setup.php]
2010-08-05 21:13:19.314	INFO	[200.111.13.242:26240-85#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.1-rc1/scripts/setup.php]
2010-08-05 21:13:19.396	INFO	[200.111.13.242:23166-73#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.0-beta1/scripts/setup.php]
2010-08-05 21:13:19.520	INFO	[200.111.13.242:26240-86#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.1-rc2/scripts/setup.php]
2010-08-05 21:13:19.620	INFO	[200.111.13.242:23166-74#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.0-beta2/scripts/setup.php]
2010-08-05 21:13:19.713	INFO	[200.111.13.242:26240-87#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.1/scripts/setup.php]
2010-08-05 21:13:19.844	INFO	[200.111.13.242:23166-75#APVH_Default] File not found [/usr/local/apache/htdocs/phpMyAdmin-2.6.0-pl1/scripts/setup.php]
Code:
2010-08-04 04:08:00.333	INFO	[74.63.192.178:4555-0#APVH_Default] File not found [/usr/local/apache/htdocs/w00tw00t.at.ISC.SANS.DFind:)]
2010-08-04 04:08:00.335	INFO	[74.63.192.178:4557-0#APVH_Default] File not found [/usr/local/apache/htdocs/w00tw00t.at.ISC.SANS.DFind:)]
2010-08-04 04:08:01.035	INFO	[74.63.192.178:2197-0#APVH_Default] File not found [/usr/local/apache/htdocs/w00tw00t.at.ISC.SANS.DFind:)]
2010-08-04 04:33:36.602	INFO	[174.132.220.130:3487-0#APVH_Default] File not found [/usr/local/apache/htdocs/w00tw00t.at.ISC.SANS.DFind:)]
2010-08-04 04:33:36.603	INFO	[174.132.220.130:3488-0#APVH_Default] File not found [/usr/local/apache/htdocs/w00tw00t.at.ISC.SANS.DFind:)]
2010-08-04 04:33:36.606	INFO	[174.132.220.130:3489-0#APVH_Default] File not found [/usr/local/apache/htdocs/w00tw00t.at.ISC.SANS.DFind:)]
2010-08-04 04:33:37.445	INFO	[174.132.220.130:4075-0#APVH_Default] File not found [/usr/local/apache/htdocs/w00tw00t.at.ISC.SANS.DFind:)]
Is there any way to ban those IPs automatically?
 

NiteWave

Administrator
#2
You can try fail2ban to search error_log for "File not found". Configure it so that, for example, if there are 15 "File not found" log entries from a single IP within 1 minute, the IP is banned for 10 minutes.
 

NiteWave

Administrator
#4
Install fail2ban and configure it as I suggested in my previous post. The IP will be blocked by the firewall -- iptables, so it will not reach lsws and will not leave more logs in error_log.
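
The thresholds suggested in this thread (15 "File not found" entries from one IP within 1 minute, then a 10-minute ban), replayed offline over the error_log format quoted in the first post. This is an added example, not part of the original posts and not fail2ban's own code; `find_bans`, `sample_log` and the sample IPs are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the error_log format quoted in the thread:
# "<date> <time>\tINFO\t[<ip>:<port>-<n>#<vhost>] File not found [<path>]"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+INFO\s+"
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+-\d+#[^\]]*\] File not found \["
)

def find_bans(lines, max_hits=15, find_time=60, ban_time=600):
    """Return [(ip, ban_start, ban_end)] for IPs reaching max_hits within find_time seconds."""
    window = timedelta(seconds=find_time)
    hits = defaultdict(deque)  # ip -> timestamps of recent matching entries
    banned_until, bans = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue  # a firewall ban would already have dropped this request
        q = hits[ip]
        q.append(ts)
        while ts - q[0] > window:  # discard entries older than the window
            q.popleft()
        if len(q) >= max_hits:
            banned_until[ip] = ts + timedelta(seconds=ban_time)
            bans.append((ip, ts, banned_until[ip]))
            q.clear()
    return bans

def sample_log():
    """Constructed sample lines in the thread's format (documentation-range IPs)."""
    base = datetime(2010, 8, 5, 21, 13, 18)
    fmt = "{}\tINFO\t[{}:23166-{}#APVH_Default] File not found [/usr/local/apache/htdocs/x{}]"
    # One scanner: 16 probes 200 ms apart. One visitor: 3 broken links 5 minutes apart.
    rows = [(base + timedelta(milliseconds=200 * i), "192.0.2.10", i) for i in range(16)]
    rows += [(base + timedelta(minutes=5 * i), "198.51.100.7", i) for i in range(1, 4)]
    return [fmt.format(t.strftime("%Y-%m-%d %H:%M:%S.%f")[:-3], ip, i, i) for t, ip, i in rows]

if __name__ == "__main__":
    for ip, start, end in find_bans(sample_log()):
        print(f"{ip} banned from {start} until {end}")
```

Running it over a copy of the real error_log before enabling a jail shows which IPs the chosen thresholds would catch and whether ordinary visitors hitting a few broken links would be caught with them.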
 