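Can someone help me with a fail2ban regex?
My goal is to ban any request for .env or .php files, or anything starting with "wp-"; it's a bit confusing.
Another one is for detecting invalid request methods, for example when someone tries to connect via telnet.
Ex: 45.33.80.243 - - [26/Aug/2023:23:49:38 +0000] "\x16\x03\x01" 400 422 "-" "-"
My attempts: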
failregex = ^<HOST> .* "(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|CONNECT|TRACE) (?:\/[^\s]*\/)?(?:wp-[^?]*|[^?]*(?:\.php|\.env))[^\s]* HTTP/\d\.\d" \d+ \d+ ".*"
Works for wp, .php and .env
failregex = ^<HOST> .* "(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|CONNECT|TRACE) (?:\/[^\s]*\/)?(?:wp-.*|.*\.php|\.env[^\s]*) HTTP/\d\.\d" \d+ \d+ ".*"
Works only for wp and .php
regex: failregex = ^<HOST> .* "(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|CONNECT|TRACE) (?:\/[^\s]*\/)?(wp-.*|.*\.php)(?:\?[^\s]*)? HTTP/\d\.\d" \d+ \d+ ".*"
Also checks the referer
^<HOST> .* "(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|CONNECT|TRACE) /(wp-.*|.*\.php).* HTTP/\d\.\d" \d+ \d+ ".*"
Note: this is my second attempt at doing this myself; I would appreciate any help.
Here is an example [from today only, there are more]:
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /marijuana.php HTTP/2.0" 403 462 "http://myspecialdomain.com//marijuana.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //mini.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /mini.php HTTP/2.0" 403 462 "http://myspecialdomain.com//mini.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //shell.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /shell.php HTTP/2.0" 403 462 "http://myspecialdomain.com//shell.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //small.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /small.php HTTP/2.0" 403 462 "http://myspecialdomain.com//small.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //wso.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /wso.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wso.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //wp-info.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /wp-info.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-info.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //hehe.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /hehe.php HTTP/2.0" 403 462 "http://myspecialdomain.com//hehe.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //wp-blog.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /wp-blog.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-blog.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //DKIZ.php?DKIZ HTTP/1.1" 302 447 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /DKIZ.php?DKIZ HTTP/2.0" 403 462 "http://myspecialdomain.com//DKIZ.php?DKIZ" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //xml.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /xml.php HTTP/2.0" 403 462 "http://myspecialdomain.com//xml.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //upload.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /upload.php HTTP/2.0" 403 462 "http://myspecialdomain.com//upload.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //up.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /up.php HTTP/2.0" 403 462 "http://myspecialdomain.com//up.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //uph.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /uph.php HTTP/2.0" 403 462 "http://myspecialdomain.com//uph.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //wpx.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /wpx.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wpx.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //ini.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /ini.php HTTP/2.0" 403 462 "http://myspecialdomain.com//ini.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //lufix.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /lufix.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lufix.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //images/vuln.php HTTP/1.1" 302 451 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /images/vuln.php HTTP/2.0" 403 462 "http://myspecialdomain.com//images/vuln.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //media-admin.php HTTP/1.1" 302 451 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /media-admin.php HTTP/2.0" 403 462 "http://myspecialdomain.com//media-admin.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //ups.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /ups.php HTTP/2.0" 403 462 "http://myspecialdomain.com//ups.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //srx.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /srx.php HTTP/2.0" 403 462 "http://myspecialdomain.com//srx.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //google.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /google.php HTTP/2.0" 403 462 "http://myspecialdomain.com//google.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //m.php HTTP/1.1" 302 431 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /m.php HTTP/2.0" 403 462 "http://myspecialdomain.com//m.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //503.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /503.php HTTP/2.0" 403 462 "http://myspecialdomain.com//503.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //update.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /update.php HTTP/2.0" 403 462 "http://myspecialdomain.com//update.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //lock360.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /lock360.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lock360.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //lock.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /lock.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lock.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //priv8.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /priv8.php HTTP/2.0" 403 462 "http://myspecialdomain.com//priv8.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //mass.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /mass.php HTTP/2.0" 403 462 "http://myspecialdomain.com//mass.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //1337.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /1337.php HTTP/2.0" 403 462 "http://myspecialdomain.com//1337.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //1877.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /1877.php HTTP/2.0" 403 462 "http://myspecialdomain.com//1877.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //fm.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /fm.php HTTP/2.0" 403 462 "http://myspecialdomain.com//fm.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //css.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /css.php HTTP/2.0" 403 462 "http://myspecialdomain.com//css.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //inbox.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /inbox.php HTTP/2.0" 403 462 "http://myspecialdomain.com//inbox.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //index2.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /index2.php HTTP/2.0" 403 462 "http://myspecialdomain.com//index2.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //default.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /default.php HTTP/2.0" 403 462 "http://myspecialdomain.com//default.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //lyda.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /lyda.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lyda.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //mar.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /mar.php HTTP/2.0" 403 462 "http://myspecialdomain.com//mar.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //olux.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /olux.php HTTP/2.0" 403 462 "http://myspecialdomain.com//olux.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //plugins.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /plugins.php HTTP/2.0" 403 462 "http://myspecialdomain.com//plugins.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //wp-plugins.php HTTP/1.1" 302 468 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /wp-plugins.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-plugins.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //sh.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /sh.php HTTP/2.0" 403 462 "http://myspecialdomain.com//sh.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //upl.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /upl.php HTTP/2.0" 403 462 "http://myspecialdomain.com//upl.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //symlink.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /symlink.php HTTP/2.0" 403 462 "http://myspecialdomain.com//symlink.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //sym.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /sym.php HTTP/2.0" 403 462 "http://myspecialdomain.com//sym.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //tesla.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /tesla.php HTTP/2.0" 403 462 "http://myspecialdomain.com//tesla.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //fox.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /fox.php HTTP/2.0" 403 462 "http://myspecialdomain.com//fox.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //shell20211028.php HTTP/1.1" 302 455 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /shell20211028.php HTTP/2.0" 403 462 "http://myspecialdomain.com//shell20211028.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //classwithtostring.php HTTP/1.1" 302 463 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /classwithtostring.php HTTP/2.0" 403 462 "http://myspecialdomain.com//classwithtostring.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //an.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /an.php HTTP/2.0" 403 462 "http://myspecialdomain.com//an.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //zz.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /zz.php HTTP/2.0" 403 462 "http://myspecialdomain.com//zz.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //x.php HTTP/1.1" 302 431 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /x.php HTTP/2.0" 403 462 "http://myspecialdomain.com//x.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //about.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /about.php HTTP/2.0" 403 462 "http://myspecialdomain.com//about.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //by.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /by.php HTTP/2.0" 403 462 "http://myspecialdomain.com//by.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //admin.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /admin.php HTTP/2.0" 403 462 "http://myspecialdomain.com//admin.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //fx.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /fx.php HTTP/2.0" 403 462 "http://myspecialdomain.com//fx.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //v3n0m.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /v3n0m.php HTTP/2.0" 403 462 "http://myspecialdomain.com//v3n0m.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //root.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /root.php HTTP/2.0" 403 462 "http://myspecialdomain.com//root.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //tnt.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /tnt.php HTTP/2.0" 403 462 "http://myspecialdomain.com//tnt.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //exit.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /exit.php HTTP/2.0" 403 462 "http://myspecialdomain.com//exit.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //leet.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /leet.php HTTP/2.0" 403 462 "http://myspecialdomain.com//leet.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //lufi.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /lufi.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lufi.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //user.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /user.php HTTP/2.0" 403 462 "http://myspecialdomain.com//user.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //wso112233.php HTTP/1.1" 302 447 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /wso112233.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wso112233.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //z.php HTTP/1.1" 302 431 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /z.php HTTP/2.0" 403 462 "http://myspecialdomain.com//z.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //upl.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /upl.php HTTP/2.0" 403 462 "http://myspecialdomain.com//upl.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //ch.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /ch.php HTTP/2.0" 403 462 "http://myspecialdomain.com//ch.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //xox.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /xox.php HTTP/2.0" 403 462 "http://myspecialdomain.com//xox.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //wp-file.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /wp-file.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-file.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //minishell.php HTTP/1.1" 302 447 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /minishell.php HTTP/2.0" 403 462 "http://myspecialdomain.com//minishell.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //mad.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /mad.php HTTP/2.0" 403 462 "http://myspecialdomain.com//mad.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //anon.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /anon.php HTTP/2.0" 403 462 "http://myspecialdomain.com//anon.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //private.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /private.php HTTP/2.0" 403 462 "http://myspecialdomain.com//private.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //gaza.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /gaza.php HTTP/2.0" 403 462 "http://myspecialdomain.com//gaza.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //h4xor.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /h4xor.php HTTP/2.0" 403 462 "http://myspecialdomain.com//h4xor.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //IndoXploit.php HTTP/1.1" 302 449 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /IndoXploit.php HTTP/2.0" 403 462 "http://myspecialdomain.com//IndoXploit.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //font-editor.php HTTP/1.1" 302 451 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /font-editor.php HTTP/2.0" 403 462 "http://myspecialdomain.com//font-editor.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //plugin-install.php HTTP/1.1" 302 457 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /plugin-install.php HTTP/2.0" 403 462 "http://myspecialdomain.com//plugin-install.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //theme-install.php HTTP/1.1" 302 455 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /theme-install.php HTTP/2.0" 403 462 "http://myspecialdomain.com//theme-install.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //end.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /end.php HTTP/2.0" 403 462 "http://myspecialdomain.com//end.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //access.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /access.php HTTP/2.0" 403 462 "http://myspecialdomain.com//access.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //contents.php HTTP/1.1" 302 445 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /contents.php HTTP/2.0" 403 462 "http://myspecialdomain.com//contents.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //license.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /license.php HTTP/2.0" 403 462 "http://myspecialdomain.com//license.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //__1975.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /__1975.php HTTP/2.0" 403 462 "http://myspecialdomain.com//__1975.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //kill.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /kill.php HTTP/2.0" 403 462 "http://myspecialdomain.com//kill.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //xlettt.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /xlettt.php HTTP/2.0" 403 462 "http://myspecialdomain.com//xlettt.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //shellx.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /shellx.php HTTP/2.0" 403 462 "http://myspecialdomain.com//shellx.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //lock0360.php HTTP/1.1" 302 445 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /lock0360.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lock0360.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //indexs.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /indexs.php HTTP/2.0" 403 462 "http://myspecialdomain.com//indexs.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //hanna1337.php HTTP/1.1" 302 447 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /hanna1337.php HTTP/2.0" 403 462 "http://myspecialdomain.com//hanna1337.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //ton.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /ton.php HTTP/2.0" 403 462 "http://myspecialdomain.com//ton.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //bala.php HTTP/1.1" 302 456 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /bala.php HTTP/2.0" 403 462 "http://myspecialdomain.com//bala.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //wp-admin/shell20211028.php HTTP/1.1" 302 473 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /wp-admin/shell20211028.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-admin/shell20211028.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //wp-content/shell20211028.php HTTP/1.1" 302 477 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /wp-content/shell20211028.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-content/shell20211028.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //wp-includes/shell20211028.php HTTP/1.1" 302 479 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /wp-includes/shell20211028.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-includes/shell20211028.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //gecko.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /gecko.php HTTP/2.0" 403 462 "http://myspecialdomain.com//gecko.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //log.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /log.php HTTP/2.0" 403 462 "http://myspecialdomain.com//log.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //xl2023.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /xl2023.php HTTP/2.0" 403 462 "http://myspecialdomain.com//xl2023.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //wsoyanzorng.php HTTP/1.1" 302 451 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /wsoyanzorng.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wsoyanzorng.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //alf.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /alf.php HTTP/2.0" 403 462 "http://myspecialdomain.com//alf.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //xmlrpc2.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /xmlrpc2.php HTTP/2.0" 403 462 "http://myspecialdomain.com//xmlrpc2.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //evil.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /evil.php HTTP/2.0" 403 462 "http://myspecialdomain.com//evil.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //demo.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /demo.php HTTP/2.0" 403 462 "http://myspecialdomain.com//demo.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //tmpshell.php HTTP/1.1" 302 445 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /tmpshell.php HTTP/2.0" 403 462 "http://myspecialdomain.com//tmpshell.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //moto.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /moto.php HTTP/2.0" 403 462 "http://myspecialdomain.com//moto.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //columns.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /columns.php HTTP/2.0" 403 462 "http://myspecialdomain.com//columns.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //wp-content/themes/pridmag/db.php?u HTTP/1.1" 302 489 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /wp-content/themes/pridmag/db.php?u HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-content/themes/pridmag/db.php?u" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //wp-includes/atom.php HTTP/1.1" 302 461 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /wp-includes/atom.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-includes/atom.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //utchiha.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /utchiha.php HTTP/2.0" 403 462 "http://myspecialdomain.com//utchiha.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //utchiha_uploader.php HTTP/1.1" 302 461 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /utchiha_uploader.php HTTP/2.0" 403 462 "http://myspecialdomain.com//utchiha_uploader.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //Deadcode1975.php HTTP/1.1" 302 453 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /Deadcode1975.php HTTP/2.0" 403 462 "http://myspecialdomain.com//Deadcode1975.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //wp.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /wp.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //wp-content/wp-conf.php HTTP/1.1" 302 465 "-" "Go-http-client/1.1"
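Answer 1
Regarding rejected requests (400), see my answer https://serverfault.com/a/1083820/488604.
You could also try combining your approaches into a single filter; for example, the following RE would catch every 400 and 403 response regardless of the URI: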
failregex = ^<ADDR> \S+ \S+(?: \[\])? "[^"]*" 40[03]\s
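But this certainly expects that your pages do not generate 400/403 requests by themselves, to avoid possible false positives.
A slightly "stricter" RE might look like this: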
failregex = ^<ADDR> \S+ \S+(?: \[\])? (?:"[^"]*" 400|"[A-Z]+ /(?:[^/]+/)*[^/.]+\.(?:php|env)\s[^"]*" 40[34])\s
Or like this, using a fast pre-filter (if you need more different failregex):
prefregex = ^<ADDR> \S+ \S+(?: \[\])? (?="[^"]*" 40[034]\s)<F-CONTENT>.+</F-CONTENT>$
failregex = ^"[^"]*" 400\s
            ^"[A-Z]+ /(?:[^/]+/)*[^/.]+\.(?:php|env)\s[^"]*" 40[34]\s
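Both variants would find every 400 as well as every 403 and 404 request with the extensions .php and .env (guessing that your pages do not generate such URIs internally either, and that nobody really wants to deliberately call forbidden or missing php/env pages).
As for the resources consumed by fail2ban: strictly speaking it depends, but the issue would not be so large if the access log were not used here; monitoring access logs is really not recommended.
See fail2ban :: wiki :: Best practice for more information (in particular the paragraph about "parasitic log traffic").
By the way, it is a bit strange to generate 302 redirects for URIs starting with multiple slashes (/), at least for URIs that do not exist and can never be served by the server. Not to mention the parameters of POST requests and so on. Besides, I don't know where that would be needed.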
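
The stricter failregex from the answer, run over log lines from the question plus three constructed ones (an added example, not part of the original answer). The `<ADDR>` expansion and the timestamp removal are simplified stand-ins, assumed here, for what fail2ban does before it applies a failregex. The results show which requests the pattern does not count: the `//` requests answered with 302, a URI with a query string, and a bare `/.env`.

```python
import re

# Simplified stand-in for fail2ban's <ADDR> tag (assumption: the real
# expansion is stricter). Captures an IPv4 or IPv6 literal as "host".
ADDR = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]{3,39})"

# The "stricter" failregex from the answer, copied verbatim.
STRICT = (r'^<ADDR> \S+ \S+(?: \[\])? (?:"[^"]*" 400|'
          r'"[A-Z]+ /(?:[^/]+/)*[^/.]+\.(?:php|env)\s[^"]*" 40[34])\s')

# fail2ban cuts the matched timestamp out of the line before the failregex
# runs, which is why the answer's pattern allows for an empty "[]".
# This regex emulates that step for the common/combined log format only.
TIMESTAMP = re.compile(
    r"(?<=\[)\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}(?=\])")


def compile_failregex(failregex):
    """Expand the <ADDR> tag and compile the pattern."""
    return re.compile(failregex.replace("<ADDR>", ADDR))


def offender(pattern, line):
    """Return the client address if the line counts as a failure, else None."""
    m = pattern.search(TIMESTAMP.sub("", line, count=1))
    return m.group("host") if m else None


def classify(pattern, lines):
    """Map every log line to the address that would be counted (or None)."""
    return [offender(pattern, line) for line in lines]


SAMPLES = [
    # --- taken from the question ---
    r'45.33.80.243 - - [26/Aug/2023:23:49:38 +0000] "\x16\x03\x01" 400 422 "-" "-"',
    '74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //shell.php HTTP/1.1" '
    '302 439 "-" "Go-http-client/1.1"',
    '74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /shell.php HTTP/2.0" '
    '403 462 "http://myspecialdomain.com//shell.php" "Go-http-client/2.0"',
    '74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /DKIZ.php?DKIZ HTTP/2.0" '
    '403 462 "http://myspecialdomain.com//DKIZ.php?DKIZ" "Go-http-client/2.0"',
    '74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] '
    '"GET /wp-admin/shell20211028.php HTTP/2.0" 403 462 '
    '"http://myspecialdomain.com//wp-admin/shell20211028.php" "Go-http-client/2.0"',
    # --- constructed for this example (documentation address ranges) ---
    '203.0.113.7 - - [27/Aug/2023:06:00:00 +0000] "GET /.env HTTP/1.1" '
    '404 153 "-" "curl/8.0"',
    '203.0.113.7 - - [27/Aug/2023:06:00:01 +0000] "GET /app/config.env HTTP/1.1" '
    '404 153 "-" "curl/8.0"',
    '198.51.100.20 - - [27/Aug/2023:06:00:02 +0000] "GET /index.php HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    strict = compile_failregex(STRICT)
    for line, host in zip(SAMPLES, classify(strict, SAMPLES)):
        request = line.split('"')[1]
        print(f"{'HIT  ' + host if host else 'miss':<20} {request}")
```

On a real host, `fail2ban-regex <logfile> <filter>` runs the same check with fail2ban's own tag expansion and date handling.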