Re: [bitfolk] Attacks against httpd

Since around 05:00 today I've seen a great increase in attacks against httpd. I've currently got 18 IP addresses blocked by fail2ban (compared with the usual one or two per day). I'm matching as follows: failregex = \[client <HOST>\] File does not exist:.*(?i)admin.* \[client <HOST>\] File does not exist:.*(?i)manager.* \[client <HOST>\] File does not exist:.*(?i)setup.* \[client <HOST>\] File does not exist:.*(?i)mysql.* \[client <HOST>\] File does not exist:.*(?i)sqlweb.* \[client <HOST>\] File does not exist:.*(?i)webdb.* \[client <HOST>\] File does not exist:.*(?i)pma.* \[client <HOST>\] File does not exist:.*(?i)vtigercrm.* \[client <HOST>\] File does not exist:.*(?i)w00tw00t.* \[client <HOST>\] File does not exist:.*(?i)xampp.* \[client <HOST>\] File does not exist:.*(?i)phpTest.* Most of the attacks are against phpmyadmin and phpTest and are far-eastern IP addresses. I'm not particularly concerned, just curious whether it's me being targeted or just a sweep of Bitfolk subnets. Thanks, Mike _______________________________________________ users mailing list users(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/users