Categories
Development System & Network

Difficulties with Fail2Ban on PhpMyAdmin on CentOS

Dear Colleagues,

I begin by apologizing for any communication error, as I am Brazilian and I still try to adapt with the English language.

I’m having a hard time getting Fail2Ban to work on phpmyadmin.

I’m using CentOS 8.1.1911 and fail2ban 0.10.5-2.
My PhpMyAdmin is version 4.9.0.1.

I noticed that PhpMyAdmin logs login failures in the “/var/log/secure” file.

And he has an output like this:

Feb 14 21:40:37 www phpMyAdmin[3982]: user denied: root (mysql-denied) from 177.122.254.10
Feb 14 21:42:07 www phpMyAdmin[3978]: user denied: root (mysql-denied) from 177.122.254.10
Feb 14 21:42:09 www phpMyAdmin[3982]: user denied: root (mysql-denied) from 177.122.254.10
Feb 14 21:48:06 www phpMyAdmin[3981]: user denied: root (mysql-denied) from 177.122.254.10

So, I configured my “/etc/fail2ban/jail.conf” like this:

[phpmyadmin]
enabled = true
port = http,https
filter = phpmyadmin
action = iptables-multiport[name=phpmyadmin, port=”http,https”, protocol=tcp]
sendmail-whois[name=PHPMYADMIN, dest=suporte@syspack.net.br]
logpath = /var/log/secure
maxretry = 3

And the filter configuration file (/etc/fail2ban/filter.d/phpmyadmin.conf), the expressions are like this:

[Definition]
denied = mysql-denied|allow-denied|root-denied|empty-denied
failregex = ^ -.*(?:%(denied)s)$
ignoreregex =

I believe I am not able to correctly form the expression, as Fail2Ban is not blocking at all.

Could someone help me in this matter?

I’ll be very grateful.

Leave a Reply

Your email address will not be published. Required fields are marked *