Fail2Ban - 如何在 install.php 个文件上阻止 BruteForce?
Fail2Ban - How to block BruteForce on install.php files?
一个 IP 地址通过 BruteForce 扫描 install.php Wordpress 文件攻击我的服务器:
/var/www/vhosts/website1.tld/logs/access_ssl_log:104.248.227.52 - - [28/Jul/2021:08:27:33 +0200] "GET /wp-admin/install.php HTTP/1.1" 200 5503 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
/var/www/vhosts/website2.tld/logs/access_ssl_log:104.248.227.52 - - [28/Jul/2021:08:27:43 +0200] "GET /wp-admin/install.php HTTP/1.1" 403 5686 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
/var/www/vhosts/website3.tld/logs/access_ssl_log:104.248.227.52 - - [28/Jul/2021:08:27:35 +0200] "GET /wp-admin/install.php HTTP/1.1" 200 6290 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
/var/www/vhosts/website4.tld/logs/access_log:104.248.227.52 - - [28/Jul/2021:08:27:44 +0200] "GET /wp/wp-admin/install.php HTTP/1.1" 404 1296 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
/var/www/vhosts/website5.tòd/logs/access_ssl_log:104.248.227.52 - - [28/Jul/2021:08:27:41 +0200] "GET /wordpress/wp-admin/install.php HTTP/1.1" 404 6219 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
etc...
如何阻止此操作?
请注意 install.php 也 用于安装 因此我 无法阻止任何请求!
感谢支持,
问候,
吉安马可.
使用正则表达式设置过滤器以发现 install.php 上的命中
然后在短时间内为大量点击创建监狱 window。
有点脏,但这个正则表达式可能有效:
_log:(<ADDR>).*GET.*install.php
一个 IP 地址通过 BruteForce 扫描 install.php Wordpress 文件攻击我的服务器:
/var/www/vhosts/website1.tld/logs/access_ssl_log:104.248.227.52 - - [28/Jul/2021:08:27:33 +0200] "GET /wp-admin/install.php HTTP/1.1" 200 5503 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
/var/www/vhosts/website2.tld/logs/access_ssl_log:104.248.227.52 - - [28/Jul/2021:08:27:43 +0200] "GET /wp-admin/install.php HTTP/1.1" 403 5686 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
/var/www/vhosts/website3.tld/logs/access_ssl_log:104.248.227.52 - - [28/Jul/2021:08:27:35 +0200] "GET /wp-admin/install.php HTTP/1.1" 200 6290 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
/var/www/vhosts/website4.tld/logs/access_log:104.248.227.52 - - [28/Jul/2021:08:27:44 +0200] "GET /wp/wp-admin/install.php HTTP/1.1" 404 1296 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
/var/www/vhosts/website5.tòd/logs/access_ssl_log:104.248.227.52 - - [28/Jul/2021:08:27:41 +0200] "GET /wordpress/wp-admin/install.php HTTP/1.1" 404 6219 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
etc...
如何阻止此操作?
请注意 install.php 也 用于安装 因此我 无法阻止任何请求!
感谢支持, 问候, 吉安马可.
使用正则表达式设置过滤器以发现 install.php 上的命中 然后在短时间内为大量点击创建监狱 window。 有点脏,但这个正则表达式可能有效:
_log:(<ADDR>).*GET.*install.php