Configure fail2ban for specific hack attempts?

Discussion in 'Installation/Configuration' started by BorderAmigos, Feb 19, 2009.

  1. BorderAmigos

    BorderAmigos New Member

    Can fail2ban be configured to ban a hacker or bot on the first attempt at known files or directories?

    For example: I do not have RoundCube installed on my Debian Lenny server. There are a lot of attempts to access RoundCube in the Apache error logs. Can I configure fail2ban to ban on the first attempt to access RoundCube so they don't go thru all the other searches for weak points?

    (If so, I would then add similar bans for all the other exploits du jour).
  2. falko

    falko Super Moderator ISPConfig Developer

    Yes, that should be possible as long as you use the correct regex in your fail2ban configuration.

Share This Page