====== Banning phpMyAdmin bots using fail2ban ======

I've had it with those evil bots trying to exploit non-existing [[http://www.phpmyadmin.net/|phpMyAdmin]] installations on anything webserverish, therefore I wrote up a small fail2ban rule to ban those bastards after the third attempt. Maybe it's of help to you too, thus here it is.

<source blog/media/20080414-apache-phpmyadmin.conf|/etc/fail2ban/filter.d/apache-phpmyadmin.conf>

The ''badadmin'' matchers will prolly be extended in the future, this was just what I found regarding trial-and-error-URLs after a quick scan through the logs of one of the servers at work.

I added this to ''/etc/fail2ban/jail.conf'' to enable the rule:

<code>
[apache-phpmyadmin]
enabled  = true
port     = http,https
filter   = apache-phpmyadmin
logpath  = /var/log/apache*/*error.log
maxretry = 3
</code>

{{tag>apache probes scans bots fail2ban}}

~~LINKBACK~~
~~DISCUSSION~~