How to use Fail2ban to block errand 404s on a WordPress/Apache website

About Fail2ban blocking 404s for Apache websites

These days hackers scan your website for any known vulnerability. For example, they might run scripts that track 100s of PHP files that have been reported insecure in the past in your plugins and modules. This is a particularly popular technique to see CMSses like WordPress, Drupal, and Joomla to see if they are secure.

You can use Fail2ban to block these errand requests and temporary or permanent disable those IPs from your network. Please note the procedure below will not work on some shared servers, where each log file is in it’s own location.

Configuring Fail2ban to block errand 404s

Create a jail:

cd /etc/fail2ban
vi jail.conf

Add this section

[apache-404]
enabled = true
port = http,https
filter = apache-404
logpath = /var/log/httpd/error_log
logpath = /var/log/httpd/access_log
bantime = 3600
findtime = 600
maxretry = 5

Create a filter referencing the jail:

cd /etc/fail2ban/filter.d
vi apache-404.conf

Create this file:

[INCLUDES]

before = apache-404.conf

[Definition]

failregex = ^<HOST> - .* "(GET|POST|HEAD).*HTTP.*" 404 .*$
ignoreregex =.*(robots.txt|favicon.ico|jpg|png)

Reference:
https://bobcares.com/blog/fail2ban-apache-404/

Share this article

Leave a Reply

Your email address will not be published.

Scroll to Top