[ic] Anyone try fail2ban on IC error log
db at m-and-d.com
Mon Feb 11 21:56:38 UTC 2013
I had an attacker placing fake orders on my site - I think testing to
see which credit card numbers are able to be charged. I set up fail2ban
to watch my webserver access logs, but I think it would be also good to
have fail2ban watch my IC error log.
A line of interest would look like (with ugly wrapping):
126.96.36.199 djCHxDwE:188.8.131.52 - [11/February/2013:04:23:45 -0500] store
/cgi-bin/store/ process.html Safe: Real-time charge failed. Reason:
I'm having trouble cooking up a fail2ban failregex. Here is what I have
so far which does not work.
failregex = ^<HOST> .* - \[.*\] store .*
Perhaps this is more of a regex question than an IC question, but the
solution could benefit other IC users so I thought it worth asking.
Normally when I ask a question here the answer right away becomes
obvious to me. If that happens as usual I will post an update.
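
Added example, not part of the original post and not fail2ban's own code: a small Python harness for checking a candidate failregex against the error-log line quoted above before putting it in a filter. The `HOST` expansion is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, `FAILREGEX` is a hypothetical candidate, the sample lines are constructed, and the optional timestamp group assumes fail2ban may remove the date it recognizes from the line before applying failregex.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The failregex quoted in the post, kept unchanged for comparison.
POSTED = r"^<HOST> .* - \[.*\] store .*"

# Hypothetical candidate. Anchored at ^ so the captured address is always the
# first field, and keyed on the failure text so ordinary "store" lines are not
# counted. The bracketed timestamp is optional (see the assumption above).
FAILREGEX = (r"^<HOST> \S+ -\s+(?:\[[^\]]*\]\s+)?store\s+\S.*"
             r"Real-time charge failed\.")


def matched(lines, failregex):
    """Return, per line, the captured host or None if the regex did not match."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    out = []
    for line in lines:
        m = rx.search(line)
        out.append(m.group("host") if m else None)
    return out


# Constructed sample lines. [0] is the post's wrapped line joined back together;
# [1] is the same line with the timestamp cut out; [2] is a made-up non-failure
# line; [3] is a made-up failure from a documentation-range address.
SAMPLE = [
    "126.96.36.199 djCHxDwE:188.8.131.52 - [11/February/2013:04:23:45 -0500] "
    "store /cgi-bin/store/ process.html Safe: Real-time charge failed. Reason:",
    "126.96.36.199 djCHxDwE:188.8.131.52 -  "
    "store /cgi-bin/store/ process.html Safe: Real-time charge failed. Reason:",
    "126.96.36.199 djCHxDwE:188.8.131.52 - [11/February/2013:04:20:01 -0500] "
    "store /cgi-bin/store/ index.html page viewed",
    "203.0.113.7 AbCdEfGh:203.0.113.7 - [11/February/2013:04:25:00 -0500] "
    "store /cgi-bin/store/ process.html Safe: Real-time charge failed. Reason:",
]

if __name__ == "__main__":
    for name, rx in (("posted", POSTED), ("candidate", FAILREGEX)):
        print(name, matched(SAMPLE, rx))
```

Running the real filter file through `fail2ban-regex` against the actual error log remains the authoritative check, since it also shows whether fail2ban recognizes the log's date format.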