I've been using fail2ban for a long time on CentOS 5 and it's worked like a charm. I recently installed a new CentOS 6.2 Server and moved my websites and forums onto that, now life has become a nightmare because we are being bombarded 24 x 7 by moronic scriptkiddies. It's so bad the entire system went down over the Christmas period and my fail2ban expressions don't work any longer. I'm not a programmer, but I see that the format of the entries in the log files are different! I'm getting different errors in the error logs : - [Mon Jan 09 14:47:27 2012] [error] [client 220.127.116.11] File does not exist: /var/www/xxmusic/components/com_galleria [Mon Jan 09 14:54:49 2012] [error] [client 18.104.22.168] File does not exist: /var/www/xxmusic/muieblackcat and [Tue Jan 10 13:49:16 2012] [error] [client 22.214.171.124] script '/var/www/xxmusic/site.php' not found or unable to stat [Tue Jan 10 13:49:17 2012] [error] [client 126.96.36.199] script '/var/www/xxmusic/site.php' not found or unable to stat On the old server, fail2ban caught all of these, on the new server ZERO and we are getting thousands of these 24 x 7 I used a filter.d called apache-noscript on the old server and another called apache-nohome. My apache-noscript expression was : failregex = [client <HOST>] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl) and the apache-nohome was : failregex = [client <HOST>] File does not exist: .*/~.* Can someone PLEASE help me to get 2 x failregex expressions that will work?