Alguém pode me ajudar com regex fail2ban
Meu objetivo é proibir qualquer acesso a arquivos .env ou .php ou qualquer solicitação que comece com "wp-", é um pouco confuso
e outro para detectar métodos de solicitação inválidos, como alguém tentando se conectar via telnet
ex:45.33.80.243 - - [26/Aug/2023:23:49:38 +0000] "\x16\x03\x01" 400 422 "-" "-"
Minhas tentativas:
failregex = ^<HOST> .* "(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|CONNECT|TRACE) (?:\/[^\s]*\/)?(?:wp-[^?]*|[^?]*(?:\.php|\.env))[^\s]* HTTP/\d\.\d" \d+ \d+ ".*"
para wp e .php e .env
failregex = ^<HOST> .* "(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|CONNECT|TRACE) (?:\/[^\s]*\/)?(?:wp-.*|.*\.php|\.env[^\s]*) HTTP/\d\.\d" \d+ \d+ ".*"
apenas para wp e .php
regex: failregex = ^<HOST> .* "(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|CONNECT|TRACE) (?:\/[^\s]*\/)?(wp-.*|.*\.php)(?:\?[^\s]*)? HTTP/\d\.\d" \d+ \d+ ".*"
verificarei o referenciador também
^<HOST> .* "(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH|CONNECT|TRACE) /(wp-.*|.*\.php).* HTTP/\d\.\d" \d+ \d+ ".*"
Obs: essa é a segunda semana tentando fazer isso sozinho, qualquer ajuda eu agradeço
aqui está um exemplo [só hoje e tem mais]:
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /marijuana.php HTTP/2.0" 403 462 "http://myspecialdomain.com//marijuana.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //mini.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /mini.php HTTP/2.0" 403 462 "http://myspecialdomain.com//mini.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //shell.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /shell.php HTTP/2.0" 403 462 "http://myspecialdomain.com//shell.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //small.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /small.php HTTP/2.0" 403 462 "http://myspecialdomain.com//small.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //wso.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /wso.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wso.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //wp-info.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /wp-info.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-info.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //hehe.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /hehe.php HTTP/2.0" 403 462 "http://myspecialdomain.com//hehe.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET //wp-blog.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:10 +0000] "GET /wp-blog.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-blog.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //DKIZ.php?DKIZ HTTP/1.1" 302 447 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /DKIZ.php?DKIZ HTTP/2.0" 403 462 "http://myspecialdomain.com//DKIZ.php?DKIZ" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //xml.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /xml.php HTTP/2.0" 403 462 "http://myspecialdomain.com//xml.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //upload.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /upload.php HTTP/2.0" 403 462 "http://myspecialdomain.com//upload.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //up.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /up.php HTTP/2.0" 403 462 "http://myspecialdomain.com//up.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //uph.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /uph.php HTTP/2.0" 403 462 "http://myspecialdomain.com//uph.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //wpx.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /wpx.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wpx.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //ini.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /ini.php HTTP/2.0" 403 462 "http://myspecialdomain.com//ini.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //lufix.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /lufix.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lufix.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //images/vuln.php HTTP/1.1" 302 451 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /images/vuln.php HTTP/2.0" 403 462 "http://myspecialdomain.com//images/vuln.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //media-admin.php HTTP/1.1" 302 451 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /media-admin.php HTTP/2.0" 403 462 "http://myspecialdomain.com//media-admin.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //ups.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /ups.php HTTP/2.0" 403 462 "http://myspecialdomain.com//ups.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET //srx.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:11 +0000] "GET /srx.php HTTP/2.0" 403 462 "http://myspecialdomain.com//srx.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //google.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /google.php HTTP/2.0" 403 462 "http://myspecialdomain.com//google.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //m.php HTTP/1.1" 302 431 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /m.php HTTP/2.0" 403 462 "http://myspecialdomain.com//m.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //503.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /503.php HTTP/2.0" 403 462 "http://myspecialdomain.com//503.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //update.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /update.php HTTP/2.0" 403 462 "http://myspecialdomain.com//update.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //lock360.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /lock360.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lock360.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //lock.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /lock.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lock.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //priv8.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /priv8.php HTTP/2.0" 403 462 "http://myspecialdomain.com//priv8.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //mass.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /mass.php HTTP/2.0" 403 462 "http://myspecialdomain.com//mass.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //1337.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /1337.php HTTP/2.0" 403 462 "http://myspecialdomain.com//1337.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //1877.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /1877.php HTTP/2.0" 403 462 "http://myspecialdomain.com//1877.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //fm.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /fm.php HTTP/2.0" 403 462 "http://myspecialdomain.com//fm.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //css.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET /css.php HTTP/2.0" 403 462 "http://myspecialdomain.com//css.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:12 +0000] "GET //inbox.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /inbox.php HTTP/2.0" 403 462 "http://myspecialdomain.com//inbox.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //index2.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /index2.php HTTP/2.0" 403 462 "http://myspecialdomain.com//index2.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //default.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /default.php HTTP/2.0" 403 462 "http://myspecialdomain.com//default.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //lyda.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /lyda.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lyda.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //mar.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /mar.php HTTP/2.0" 403 462 "http://myspecialdomain.com//mar.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //olux.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /olux.php HTTP/2.0" 403 462 "http://myspecialdomain.com//olux.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //plugins.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /plugins.php HTTP/2.0" 403 462 "http://myspecialdomain.com//plugins.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //wp-plugins.php HTTP/1.1" 302 468 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /wp-plugins.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-plugins.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //sh.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /sh.php HTTP/2.0" 403 462 "http://myspecialdomain.com//sh.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //upl.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /upl.php HTTP/2.0" 403 462 "http://myspecialdomain.com//upl.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //symlink.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /symlink.php HTTP/2.0" 403 462 "http://myspecialdomain.com//symlink.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET //sym.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:13 +0000] "GET /sym.php HTTP/2.0" 403 462 "http://myspecialdomain.com//sym.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //tesla.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /tesla.php HTTP/2.0" 403 462 "http://myspecialdomain.com//tesla.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //fox.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /fox.php HTTP/2.0" 403 462 "http://myspecialdomain.com//fox.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //shell20211028.php HTTP/1.1" 302 455 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /shell20211028.php HTTP/2.0" 403 462 "http://myspecialdomain.com//shell20211028.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //classwithtostring.php HTTP/1.1" 302 463 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /classwithtostring.php HTTP/2.0" 403 462 "http://myspecialdomain.com//classwithtostring.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //an.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /an.php HTTP/2.0" 403 462 "http://myspecialdomain.com//an.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //zz.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /zz.php HTTP/2.0" 403 462 "http://myspecialdomain.com//zz.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //x.php HTTP/1.1" 302 431 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /x.php HTTP/2.0" 403 462 "http://myspecialdomain.com//x.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //about.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /about.php HTTP/2.0" 403 462 "http://myspecialdomain.com//about.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //by.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /by.php HTTP/2.0" 403 462 "http://myspecialdomain.com//by.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //admin.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /admin.php HTTP/2.0" 403 462 "http://myspecialdomain.com//admin.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //fx.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET /fx.php HTTP/2.0" 403 462 "http://myspecialdomain.com//fx.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:14 +0000] "GET //v3n0m.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /v3n0m.php HTTP/2.0" 403 462 "http://myspecialdomain.com//v3n0m.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //root.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /root.php HTTP/2.0" 403 462 "http://myspecialdomain.com//root.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //tnt.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /tnt.php HTTP/2.0" 403 462 "http://myspecialdomain.com//tnt.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //exit.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /exit.php HTTP/2.0" 403 462 "http://myspecialdomain.com//exit.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //leet.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /leet.php HTTP/2.0" 403 462 "http://myspecialdomain.com//leet.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //lufi.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /lufi.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lufi.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //user.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /user.php HTTP/2.0" 403 462 "http://myspecialdomain.com//user.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //wso112233.php HTTP/1.1" 302 447 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /wso112233.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wso112233.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //z.php HTTP/1.1" 302 431 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /z.php HTTP/2.0" 403 462 "http://myspecialdomain.com//z.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //upl.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /upl.php HTTP/2.0" 403 462 "http://myspecialdomain.com//upl.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //ch.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET /ch.php HTTP/2.0" 403 462 "http://myspecialdomain.com//ch.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:15 +0000] "GET //xox.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /xox.php HTTP/2.0" 403 462 "http://myspecialdomain.com//xox.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //wp-file.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /wp-file.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-file.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //minishell.php HTTP/1.1" 302 447 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /minishell.php HTTP/2.0" 403 462 "http://myspecialdomain.com//minishell.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //mad.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /mad.php HTTP/2.0" 403 462 "http://myspecialdomain.com//mad.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //anon.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /anon.php HTTP/2.0" 403 462 "http://myspecialdomain.com//anon.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //private.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /private.php HTTP/2.0" 403 462 "http://myspecialdomain.com//private.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //gaza.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /gaza.php HTTP/2.0" 403 462 "http://myspecialdomain.com//gaza.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //h4xor.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /h4xor.php HTTP/2.0" 403 462 "http://myspecialdomain.com//h4xor.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //IndoXploit.php HTTP/1.1" 302 449 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /IndoXploit.php HTTP/2.0" 403 462 "http://myspecialdomain.com//IndoXploit.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //font-editor.php HTTP/1.1" 302 451 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /font-editor.php HTTP/2.0" 403 462 "http://myspecialdomain.com//font-editor.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //plugin-install.php HTTP/1.1" 302 457 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /plugin-install.php HTTP/2.0" 403 462 "http://myspecialdomain.com//plugin-install.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET //theme-install.php HTTP/1.1" 302 455 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:16 +0000] "GET /theme-install.php HTTP/2.0" 403 462 "http://myspecialdomain.com//theme-install.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //end.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /end.php HTTP/2.0" 403 462 "http://myspecialdomain.com//end.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //access.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /access.php HTTP/2.0" 403 462 "http://myspecialdomain.com//access.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //contents.php HTTP/1.1" 302 445 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /contents.php HTTP/2.0" 403 462 "http://myspecialdomain.com//contents.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //license.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /license.php HTTP/2.0" 403 462 "http://myspecialdomain.com//license.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //__1975.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /__1975.php HTTP/2.0" 403 462 "http://myspecialdomain.com//__1975.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //kill.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /kill.php HTTP/2.0" 403 462 "http://myspecialdomain.com//kill.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //xlettt.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /xlettt.php HTTP/2.0" 403 462 "http://myspecialdomain.com//xlettt.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //shellx.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /shellx.php HTTP/2.0" 403 462 "http://myspecialdomain.com//shellx.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //lock0360.php HTTP/1.1" 302 445 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /lock0360.php HTTP/2.0" 403 462 "http://myspecialdomain.com//lock0360.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //indexs.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /indexs.php HTTP/2.0" 403 462 "http://myspecialdomain.com//indexs.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET //hanna1337.php HTTP/1.1" 302 447 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:17 +0000] "GET /hanna1337.php HTTP/2.0" 403 462 "http://myspecialdomain.com//hanna1337.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //ton.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /ton.php HTTP/2.0" 403 462 "http://myspecialdomain.com//ton.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //bala.php HTTP/1.1" 302 456 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /bala.php HTTP/2.0" 403 462 "http://myspecialdomain.com//bala.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //wp-admin/shell20211028.php HTTP/1.1" 302 473 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /wp-admin/shell20211028.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-admin/shell20211028.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //wp-content/shell20211028.php HTTP/1.1" 302 477 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /wp-content/shell20211028.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-content/shell20211028.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //wp-includes/shell20211028.php HTTP/1.1" 302 479 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /wp-includes/shell20211028.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-includes/shell20211028.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //gecko.php HTTP/1.1" 302 439 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /gecko.php HTTP/2.0" 403 462 "http://myspecialdomain.com//gecko.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //log.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /log.php HTTP/2.0" 403 462 "http://myspecialdomain.com//log.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //xl2023.php HTTP/1.1" 302 441 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /xl2023.php HTTP/2.0" 403 462 "http://myspecialdomain.com//xl2023.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //wsoyanzorng.php HTTP/1.1" 302 451 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /wsoyanzorng.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wsoyanzorng.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //alf.php HTTP/1.1" 302 435 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /alf.php HTTP/2.0" 403 462 "http://myspecialdomain.com//alf.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //xmlrpc2.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /xmlrpc2.php HTTP/2.0" 403 462 "http://myspecialdomain.com//xmlrpc2.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET //evil.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:18 +0000] "GET /evil.php HTTP/2.0" 403 462 "http://myspecialdomain.com//evil.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //demo.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /demo.php HTTP/2.0" 403 462 "http://myspecialdomain.com//demo.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //tmpshell.php HTTP/1.1" 302 445 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /tmpshell.php HTTP/2.0" 403 462 "http://myspecialdomain.com//tmpshell.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //moto.php HTTP/1.1" 302 437 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /moto.php HTTP/2.0" 403 462 "http://myspecialdomain.com//moto.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //columns.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /columns.php HTTP/2.0" 403 462 "http://myspecialdomain.com//columns.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //wp-content/themes/pridmag/db.php?u HTTP/1.1" 302 489 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /wp-content/themes/pridmag/db.php?u HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-content/themes/pridmag/db.php?u" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //wp-includes/atom.php HTTP/1.1" 302 461 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /wp-includes/atom.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp-includes/atom.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //utchiha.php HTTP/1.1" 302 443 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /utchiha.php HTTP/2.0" 403 462 "http://myspecialdomain.com//utchiha.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //utchiha_uploader.php HTTP/1.1" 302 461 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /utchiha_uploader.php HTTP/2.0" 403 462 "http://myspecialdomain.com//utchiha_uploader.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //Deadcode1975.php HTTP/1.1" 302 453 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /Deadcode1975.php HTTP/2.0" 403 462 "http://myspecialdomain.com//Deadcode1975.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //wp.php HTTP/1.1" 302 433 "-" "Go-http-client/1.1"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET /wp.php HTTP/2.0" 403 462 "http://myspecialdomain.com//wp.php" "Go-http-client/2.0"
74.249.248.112 - - [27/Aug/2023:05:08:19 +0000] "GET //wp-content/wp-conf.php HTTP/1.1" 302 465 "-" "Go-http-client/1.1"
Responder1
Em relação aos pedidos rejeitados (400), veja minha resposta https://serverfault.com/a/1083820/488604.
Pode-se também tentar combinar sua abordagem com um único filtro, por exemplo, seguir RE capturaria todas as respostas 400 e 403, independentemente do URI:
failregex = ^<ADDR> \S+ \S+(?: \[\])? "[^"]*" 40[03]\s
Mas isso certamente esperaria que suas páginas não gerassem solicitações 400/403 por si mesmas para evitar possíveis falsos positivos.
RE um pouco mais "estrito" pode ser assim:
failregex = ^<ADDR> \S+ \S+(?: \[\])? (?:"[^"]*" 400|"[A-Z]+ /(?:[^/]+/)*[^/.]+\.(?:php|env)\s[^"]*" 40[34])\s
ou algo assim, com um pré-filtro rápido (se precisar de mais diferentes failregex):
prefregex = ^<ADDR> \S+ \S+(?: \[\])? (?="[^"]*" 40[034]\s)<F-CONTENT>.+</F-CONTENT>$
failregex = ^"[^"]*" 400\s
^"[A-Z]+ /(?:[^/]+/)*[^/.]+\.(?:php|env)\s[^"]*" 40[34]\s
Ambas as variantes encontrariam todas as solicitações 400, 403 e 404 com extensões .phpe .env(supondo que suas páginas também não gerariam tais URIs internamente e ninguém realmente deseja chamar intencionalmente páginas php/env proibidas ou ausentes).
Quanto ao consumo de recursos pelo fail2ban - diga estritamente que depende, mas não será tão problemático se não usarmos o log de acesso aqui, cujo monitoramento de fato não é recomendado.
Verfail2ban :: wiki :: Melhores práticaspara mais informações (especialmente o parágrafo sobre "tráfego de log parasitário").
A propósito, a geração do 302º redirecionamento para URIs começando com várias /barras é um pouco estranho quando não dizer parece um erro, pelo menos para URIs que não existem e nunca podem ser servidos pelo servidor. Muito menos os argumentos das solicitações POST, etc. Além disso, não sei onde isso seria necessário.