每天晚上,机器人都试图侵入我的 Apache 服务器:
/var/log/apache2/error.log
输出:
[Mon Dec 30 02:55:39.098671 2019] [php7:error] [pid 14930] [client xxx.xxx.xxx.xxx:62420] script '/var/www/html/test.php' not found or unable to stat
我本来希望fail2ban能抓住它,因为它有一个过滤器:apache-noscript.conf
[Definition]
failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)(, referer: \S+)?\s*$
^%(_apache_error_client)s script '/\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)\S*' not found or unable to stat(, referer: \S+)?\s*$
默认的 jail.conf 默认情况下这样说:
[apache-noscript]
port = http,https
logpath = %(apache_error_log)s
有谁知道为什么fail2ban 仍然不阻止访问?
解决了!