Banning phpMyAdmin bots using fail2ban

I've had it with those evil bots trying to exploit non-existing phpMyAdmin installations on anything webserverish, therefore I wrote up a small fail2ban rule to ban those bastards after the third attempt. Maybe it's of help to you too, thus here it is.

Unable to display file "blog/media/20080414-apache-phpmyadmin.conf": It may not exist, or permission may be denied.

The badadmin matchers will prolly be extended in the future, this was just what I found regarding trial-and-error-URLs after a quick scan through the logs of one of the servers at work.

I added this to /etc/fail2ban/jail.conf to enable the rule:

enabled  = true
port     = http,https
filter   = apache-phpmyadmin
logpath  = /var/log/apache*/*error.log
maxretry = 3


[...] Banning phpMyAdmin bots using fail2ban [...]
[...] [...]
[...] [...]
[...] Gina Haeussge [...]
[...] Banning phpMyAdmin bots using fail2ban [...]
[...] [...]
[...] this blog post [...]
You could leave a comment if you were logged in.
blog/2008/04/banning_phpmyadmin_bots_using_fail2ban.txt · Last modified: 2008/04/14 09:39 by foosel