About Fail2ban blocking 404s for Apache websites
These days hackers scan your website for any known vulnerability. For example, they might run scripts that request hundreds of PHP files in your plugins and modules that have been reported insecure in the past. This is a particularly popular technique for checking whether CMSes like WordPress, Drupal, and Joomla are secure.
You can use Fail2ban to block these errant requests and temporarily or permanently ban those IPs from your network. Please note the procedure below will not work on some shared servers, where each log file is in its own location.
Configuring Fail2ban to block errant 404s
Create a jail:
cd /etc/fail2ban
vi jail.conf
Add this section:
[apache-404]
enabled = true
port = http,https
filter = apache-404
# several log files go in a single logpath entry, one per line
logpath = /var/log/httpd/error_log
          /var/log/httpd/access_log
bantime = 3600
findtime = 600
maxretry = 5
Create a filter referencing the jail:
cd /etc/fail2ban/filter.d
vi apache-404.conf
Create this file:
[INCLUDES]
before = apache-404.conf

[Definition]
failregex = ^<HOST> - .* "(GET|POST|HEAD).*HTTP.*" 404 .*$
ignoreregex = .*(robots.txt|favicon.ico|jpg|png)
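To see which clients this jail and filter would ban before enabling them, the following added example (not part of the original page and not Fail2ban's own code) applies the page's failregex, ignoreregex, findtime and maxretry to constructed access log lines. Assumptions: the `<HOST>` tag is replaced by a simplified IPv4 pattern, the regex is applied to the whole line, and the helper names `hosts_to_ban` and `entry` are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values copied from the jail and filter on this page.
FAILREGEX = r'^<HOST> - .* "(GET|POST|HEAD).*HTTP.*" 404 .*$'
IGNOREREGEX = r'.*(robots.txt|favicon.ico|jpg|png)'
FINDTIME, MAXRETRY = 600, 5

# Assumption: simplified stand-in for Fail2ban's <HOST> tag (IPv4 only).
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
fail_re = re.compile(FAILREGEX.replace('<HOST>', HOST))
ignore_re = re.compile(IGNOREREGEX)
stamp_re = re.compile(r'\[([^\]]+)\]')

def hosts_to_ban(lines):
    """Return hosts reaching MAXRETRY counted 404s within FINDTIME seconds."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        m = fail_re.search(line)
        if not m or ignore_re.search(line):
            continue  # not a 404, or excluded by ignoreregex
        ts = datetime.strptime(stamp_re.search(line).group(1),
                               '%d/%b/%Y:%H:%M:%S %z').timestamp()
        hits = recent[m.group('host')]
        hits.append(ts)
        while ts - hits[0] > FINDTIME:  # drop failures older than findtime
            hits.popleft()
        if len(hits) >= MAXRETRY and m.group('host') not in banned:
            banned.append(m.group('host'))
    return banned

def entry(ip, hhmmss, path, status=404):
    """Build one constructed access_log line (common log format)."""
    return (f'{ip} - - [10/Mar/2024:{hhmmss} +0000] '
            f'"GET {path} HTTP/1.1" {status} 196')

# Constructed sample log; addresses are from documentation ranges.
SAMPLE = (
    # five missing PHP files in five seconds: reaches maxretry
    [entry('203.0.113.7', f'10:00:0{i}', f'/plugin{i}/upload.php') for i in range(5)]
    # five 404s spread over twelve minutes: never five inside findtime
    + [entry('198.51.100.4', f'10:{i*3:02d}:00', f'/old-page-{i}') for i in range(5)]
    # six missing images: every line is dropped by ignoreregex
    + [entry('192.0.2.10', f'10:01:0{i}', f'/img/missing{i}.png') for i in range(6)]
)

if __name__ == '__main__':
    print(hosts_to_ban(SAMPLE))
```

On the server itself, `fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-404.conf` runs the real filter against the real log.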