I begin by apologizing for any communication error, as I am Brazilian and I am still trying to adapt to the English language.
I’m having a hard time getting Fail2Ban to work on phpmyadmin.
I’m using CentOS 8.1.1911 and fail2ban 0.10.5-2.
My PhpMyAdmin is version 22.214.171.124.
I noticed that PhpMyAdmin logs login failures in the “/var/log/secure” file.
And it has output like this:
Feb 14 21:40:37 www phpMyAdmin: user denied: root (mysql-denied) from 126.96.36.199
Feb 14 21:42:07 www phpMyAdmin: user denied: root (mysql-denied) from 188.8.131.52
Feb 14 21:42:09 www phpMyAdmin: user denied: root (mysql-denied) from 184.108.40.206
Feb 14 21:48:06 www phpMyAdmin: user denied: root (mysql-denied) from 220.127.116.11
So, I configured my “/etc/fail2ban/jail.conf” like this:
enabled = true
port = http,https
filter = phpmyadmin
action = iptables-multiport[name=phpmyadmin, port="http,https", protocol=tcp]
logpath = /var/log/secure
maxretry = 3
And in the filter configuration file (/etc/fail2ban/filter.d/phpmyadmin.conf), the expressions are like this:
denied = mysql-denied|allow-denied|root-denied|empty-denied
failregex = ^ -.*(?:%(denied)s)$
I believe I am not able to correctly form the expression, as Fail2Ban is not blocking at all.
Could someone help me in this matter?
I’ll be very grateful.
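
Added example, not part of the original post and not fail2ban's own code: a Python check that expands the posted failregex the way the filter file would and runs it over the four log lines quoted above, next to a candidate expression written for this example. The candidate regex, the IPv4-only stand-in for `<HOST>` and the timestamp pattern are assumptions.

```python
import re

# Log lines as quoted in the post (/var/log/secure).
SAMPLE_LINES = [
    "Feb 14 21:40:37 www phpMyAdmin: user denied: root (mysql-denied) from 126.96.36.199",
    "Feb 14 21:42:07 www phpMyAdmin: user denied: root (mysql-denied) from 188.8.131.52",
    "Feb 14 21:42:09 www phpMyAdmin: user denied: root (mysql-denied) from 184.108.40.206",
    "Feb 14 21:48:06 www phpMyAdmin: user denied: root (mysql-denied) from 220.127.116.11",
]

DENIED = "mysql-denied|allow-denied|root-denied|empty-denied"  # from the post's filter
POSTED_FAILREGEX = r"^ -.*(?:%(denied)s)$"                      # exactly as posted

# Assumption: candidate written for this example against the syslog lines above.
# The host is taken from the end of the line because the user name before it is
# attacker-controlled input.
CANDIDATE_FAILREGEX = (
    r"^\s*\S+ phpMyAdmin(?:\[\d+\])?: user denied: \S+ "
    r"\((?:%(denied)s)\) from <HOST>\s*$"
)

# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Assumption: syslog timestamp, removed before matching to mimic fail2ban's
# handling of the date at the start of the line.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}")


def expand(failregex):
    """Apply the %(denied)s interpolation and the <HOST> substitution."""
    return failregex.replace("%(denied)s", DENIED).replace("<HOST>", HOST_GROUP)


def matched_hosts(failregex, lines):
    """Return the host captured from each line the expanded failregex matches."""
    rx = re.compile(expand(failregex))
    hosts = []
    for line in lines:
        m = rx.search(TIMESTAMP.sub("", line, count=1))
        if m:
            hosts.append(m.groupdict().get("host"))
    return hosts


if __name__ == "__main__":
    print("posted   :", matched_hosts(POSTED_FAILREGEX, SAMPLE_LINES))
    print("candidate:", matched_hosts(CANDIDATE_FAILREGEX, SAMPLE_LINES))
```

On a live system the equivalent check is `fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/phpmyadmin.conf`, which reports how many lines the filter matched.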