BorderAmigos
19th February 2009, 20:23
Can fail2ban be configured to ban a hacker or bot on the first attempt at known files or directories?
For example: I do not have RoundCube installed on my Debian Lenny server. There are a lot of attempts to access RoundCube in the Apache error logs. Can I configure fail2ban to ban on the first attempt to access RoundCube so they don't go thru all the other searches for weak points?
(If so, I would then add similar bans for all the other exploits du jour).
For example: I do not have RoundCube installed on my Debian Lenny server. There are a lot of attempts to access RoundCube in the Apache error logs. Can I configure fail2ban to ban on the first attempt to access RoundCube so they don't go thru all the other searches for weak points?
(If so, I would then add similar bans for all the other exploits du jour).