Of course, it could be possible, but it is a bad idea, I think.

Let's take a look at an access line.


[17/Apr/2021:16:50:41 +0200] [myserver.server4you.de:80] [client 40.121.52.49] - - "GET /.env HTTP/1.1" 404 463 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"

404 after HTTP/1.1 is the status code you are talking about.

However, a typo in a URL causes the same code.

A better way, I think, is to do it the same way Plesk Obsidian powered servers do: run ModSecurity

(see the German-language tutorial https://www.howtoforge.de/anleitung/sichere-dein-apache-mit-mod_security/ )

Use a free rule set like the Comodo one ( https://www.comodo.com/home/internet-security/free-internet-security.php )

And finally, put IPs which cause a mod_security log entry into a jail.

greetings from Berlin

Peter

Am 17.04.2021 um 16:03 schrieb Lentes, Bernd:
Hi,

if you have a webserver running on port 80 or 443 you see a lot of people 
trying to find applications, php-frontends or stuff like that with default 
passwords or known vulnerabilities.
Most of them get status codes like 401, 403 or 404.
Is there a way to create jails when someone gets some of these codes in a 
certain time?

Thanks.


Bernd



_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
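
The following added example, which is not part of either message and is not fail2ban code, counts 401/403/404 responses per client inside a sliding time window over lines in the access-log layout quoted above. The threshold, window, host name and sample lines are constructed assumptions; the single mistyped URL stays below the threshold, while the client probing several paths reaches it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the access-log layout quoted in the thread:
# [time] [vhost:port] [client IP] ident user "request" status bytes ...
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[[^\]]+\] \[client (?P<ip>[^\]]+)\] \S+ \S+ '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) '
)
WATCHED = {401, 403, 404}

def find_offenders(lines, max_hits=3, window=timedelta(minutes=10)):
    """Return {ip: time of the hit that reached max_hits within window}."""
    recent = defaultdict(deque)   # ip -> timestamps of watched responses
    flagged = {}
    for line in lines:            # lines are assumed to be in time order
        m = LINE_RE.match(line)
        if not m or int(m["status"]) not in WATCHED:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # drop hits outside the window
            hits.popleft()
        if len(hits) >= max_hits:
            flagged.setdefault(m["ip"], ts)
    return flagged

def _line(t, ip, path, status):
    # Builds one constructed line in the same layout as the quoted one.
    return (f'[17/Apr/2021:{t} +0200] [www.example.test:80] [client {ip}] '
            f'- - "GET {path} HTTP/1.1" {status} 463 "-" "constructed-agent"')

# Constructed sample lines (documentation IP ranges), not from a real log.
SAMPLE = [
    _line("16:00:00", "203.0.113.5", "/old-page", 404),    # slow, spread out
    _line("16:20:00", "203.0.113.5", "/old-page2", 404),
    _line("16:40:00", "203.0.113.5", "/old-page3", 404),
    _line("16:50:41", "192.0.2.10", "/.env", 404),         # burst of probes
    _line("16:50:42", "192.0.2.10", "/wp-login.php", 404),
    _line("16:50:43", "198.51.100.7", "/abuot.html", 404), # one mistyped URL
    _line("16:50:44", "192.0.2.10", "/admin/", 403),
    _line("16:51:00", "198.51.100.7", "/about.html", 200),
]
```

Calling `find_offenders(SAMPLE)` flags only the client that produced three watched responses within ten minutes.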