How to use Fail2ban to block errant 404s on a WordPress/Apache website

About Fail2ban blocking 404s for Apache websites

These days hackers scan your website for any known vulnerability. For example, they might run scripts that probe for hundreds of PHP files that have been reported insecure in the past in your plugins and modules. Each request for a file that does not exist is logged as a 404. This is a particularly popular technique for checking CMSes like WordPress, Drupal, and Joomla to see if they are secure.

You can use Fail2ban to block these errant requests and temporarily or permanently ban those IPs from your network. Please note the procedure below will not work on some shared servers, where each log file is in its own location.

Configuring Fail2ban to block errant 404s

Create a jail:

cd /etc/fail2ban
vi jail.conf

Add this section:

[apache-404]
enabled = true
port = http,https
filter = apache-404
# One logpath option; additional files go on indented continuation lines
logpath = /var/log/httpd/error_log
          /var/log/httpd/access_log
bantime = 3600
findtime = 600
maxretry = 5

Create the filter that the jail references:

cd /etc/fail2ban/filter.d
vi apache-404.conf

Create this file:

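[INCLUDES]

# Shared Apache definitions shipped with Fail2ban
before = apache-common.conf

[Definition]

# Any GET, POST or HEAD request that Apache answered with a 404
failregex = ^<HOST> - .* "(GET|POST|HEAD).*HTTP.*" 404 .*$
# Do not count 404s for these files; matched against the whole log line
ignoreregex = .*(robots\.txt|favicon\.ico|\.jpg|\.png)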
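
To see which clients this jail and filter would ban, the following added example (not part of the original article and not Fail2ban's own code) replays the failregex, ignoreregex, findtime and maxretry values over constructed access-log lines. The `<HOST>` substitution, the helper names and the sample traffic are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex and jail thresholds as on this page; ignoreregex with its dots escaped.
FAILREGEX = r'^<HOST> - .* "(GET|POST|HEAD).*HTTP.*" 404 .*$'
IGNOREREGEX = r'.*(robots\.txt|favicon\.ico|\.jpg|\.png)'
FINDTIME, MAXRETRY = 600, 5

# Assumption: simplified stand-in for Fail2ban's <HOST> tag (IP literals only).
fail_re = re.compile(FAILREGEX.replace('<HOST>', r'(?P<host>[0-9a-fA-F:.]+)'))
ignore_re = re.compile(IGNOREREGEX)
stamp_re = re.compile(r'\[([^\]]+)\]')

def banned_hosts(lines):
    """Return hosts that reach MAXRETRY counted 404s within FINDTIME seconds."""
    hits, banned = defaultdict(deque), []
    for entry in lines:
        m = fail_re.search(entry)
        if not m or ignore_re.search(entry):
            continue  # not a 404, or a 404 the filter chooses to ignore
        ts = datetime.strptime(stamp_re.search(entry).group(1),
                               '%d/%b/%Y:%H:%M:%S %z').timestamp()
        window = hits[m['host']]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # drop hits older than findtime
            window.popleft()
        if len(window) >= MAXRETRY and m['host'] not in banned:
            banned.append(m['host'])
    return banned

def log_line(ip, clock, path, status=404):
    """Build one constructed line in Apache combined log format."""
    return (f'{ip} - - [10/Mar/2024:{clock} +0000] '
            f'"GET {path} HTTP/1.1" {status} 196 "-" "-"')

# Constructed sample traffic (documentation IP ranges, not real hosts).
SAMPLE = (
    # Burst: five missing PHP files in five seconds.
    [log_line('203.0.113.7', f'10:00:0{i}', f'/wp-content/plugins/p{i}/x.php') for i in range(5)]
    # Visitor: ignored asset 404s, one page served, two stale links.
    + [log_line('198.51.100.20', '10:01:00', p) for p in
       ('/favicon.ico', '/robots.txt', '/img/a.png', '/img/b.jpg', '/old-1', '/old-2')]
    + [log_line('198.51.100.20', '10:01:05', '/', 200)]
    # Spread out: five 404s five minutes apart, so no findtime window holds five.
    + [log_line('192.0.2.9', f'10:{5 * i:02d}:00', f'/probe{i}.php') for i in range(5)]
)

if __name__ == '__main__':
    print(banned_hosts(SAMPLE))
```

On a live server, `fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-404.conf` runs the installed filter against the real log.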

Reference:
https://bobcares.com/blog/fail2ban-apache-404/
