CentOS 上 PhpMyAdmin 的 Fail2Ban 问题

我终于解决了这个问题。Fail2Ban 现在可以正常阻止了。

我决定将 PhpMyAdmin 更新到 5.0.1 版本。更新后，我编辑了以下文件：

/var/www/phpmyadmin/libraries/config.default.php

我把配置改成如下形式：

$ cfg ['AuthLog'] = 'auto'; ------> $ cfg ['AuthLog'] = 'php';

在我这样做之后，他开始以不同的方式在不同的文件中生成日志。

日志开始在“/var/log/php-fpm/www-error.log”文件中生成。

并且这样：

[15-Feb-2020 17:18:11 UTC] user denied: root (mysql-denied) from 168.194.165.40
[15-Feb-2020 17:18:13 UTC] user denied: root (mysql-denied) from 168.194.165.40
[15-Feb-2020 17:18:14 UTC] user denied: root (mysql-denied) from 168.194.165.40
[15-Feb-2020 17:22:06 UTC] user denied: root (mysql-denied) from 168.194.165.40
[15-Feb-2020 17:22:08 UTC] user denied: root (mysql-denied) from 168.194.165.40
[15-Feb-2020 17:22:09 UTC] user denied: root (mysql-denied) from 168.194.165.40

然后，我配置了“/etc/fail2ban/filter.d/phpmyadmin.conf”文件，如下所示：

[Definition]
denied = mysql-denied | allow-denied | root-denied | empty-denied
failregex = user denied:. + from <HOST> \ s * $
ignoreregex =

之后，我配置了“/etc/fail2ban/jail.conf”如下：

[phpmyadmin]
enabled = true
port = http, https
action = iptables-multiport [name = phpmyadmin, port = "http, https", protocol = tcp]
         # sendmail-whois [name = PHPMYADMIN, [email protected]]
logpath = /var/log/php-fpm/www-error.log
maxretry = 3

此后，只需重新启动 fail2ban，一切就都解决了。

查看日志，现在阻塞：

2020-02-15 14: 39: 42,005 fail2ban.filter [25748]: INFO [phpmyadmin] Found 168.194.165.40 - 2020-02-15 14:39:41
2020-02-15 14: 39: 44,009 fail2ban.filter [25748]: INFO [phpmyadmin] Found 168.194.165.40 - 2020-02-15 14:39:43
2020-02-15 14: 39: 46,013 fail2ban.filter [25748]: INFO [phpmyadmin] Found 168.194.165.40 - 2020-02-15 14:39:45
2020-02-15 14: 39: 46,204 fail2ban.actions [25748]: NOTICE [phpmyadmin] Ban 168.194.165.40