How to block bots from seeking exploits on your web server with Fail2Ban

Source: Exploit scanner, secure your Apache

Steps:

  • sudo apt-get install fail2ban
  • edit /etc/fail2ban/jail.conf
    [apache-nohome]
    enabled = true
    port    = http,https
    filter  = apache-nohome
    logpath = /var/log/apache*/*error.log
    maxretry = 5
    
  • fix a bug in the filter /etc/fail2ban/filter.d/apache-nohome.conf
    failregex = [[]client (?P<host>\S*)[]] File does not exist:
    
  • Restart /etc/init.d/fail2ban restart
  • Check that fail2ban has started.
     sudo fail2ban-client status
    Status
    |- Number of jail:      2
    `- Jail list:           apache-nohome, ssh