Sorry for the delay…!
The jail works in Nethserver 6 when using phpMyAdmin without multiaccess. However, one has to disable the apache-auth and the recidive jails (or set the maxretry value of these jails higher than the one of the phpMyAdmin jail, otherwise one is banned by them before).
In Nethserver 7 the phpMyAdmin jail doesn't ban me at all… Here are the last login attempts as logged in /var/log/httpd/ssl_access_log:
```
# tailf /var/log/httpd/ssl_access_log
192.168.2.103 - - [08/Mar/2017:16:33:49 +0100] "GET /phpmyadmin/themes/pmahomme/img/sprites.png HTTP/1.1" 200 46795
192.168.2.103 - - [08/Mar/2017:16:33:49 +0100] "GET /phpmyadmin/favicon.ico HTTP/1.1" 200 18902
192.168.2.103 - - [08/Mar/2017:16:34:12 +0100] "POST /phpmyadmin/index.php HTTP/1.1" 200 2978
192.168.2.103 - - [08/Mar/2017:16:34:18 +0100] "POST /phpmyadmin/index.php HTTP/1.1" 200 2978
192.168.2.103 - - [08/Mar/2017:16:34:27 +0100] "POST /phpmyadmin/index.php HTTP/1.1" 200 2978
192.168.2.103 - - [08/Mar/2017:16:34:33 +0100] "POST /phpmyadmin/index.php HTTP/1.1" 200 2978
192.168.2.103 - - [08/Mar/2017:16:34:42 +0100] "POST /phpmyadmin/index.php HTTP/1.1" 200 2978
192.168.2.103 - - [08/Mar/2017:16:34:51 +0100] "POST /phpmyadmin/index.php HTTP/1.1" 200 2990
192.168.2.103 - - [08/Mar/2017:16:34:52 +0100] "POST /phpmyadmin/index.php HTTP/1.1" 200 2990
192.168.2.103 - - [08/Mar/2017:16:35:06 +0100] "POST /phpmyadmin/index.php HTTP/1.1" 200 2979
```
I don't know why it doesn't work… Of course, I have enabled the "bans from LAN" option and set the maxretry variable to 2 in the panel/module…
For the multiaccess mode in Nethserver 6, one would probably have to adapt the file /etc/fail2ban/filter.d/phpmyadmin.conf, which I have not tested yet since my virtual box with Nethserver 6 is incredibly slow (probably I have chosen the wrong network settings…).
EDIT: I have had a look into the /etc/fail2ban/filter.d/phpmyadmin.conf file and saw that the multiaccess mode seems to be covered already by the default jail…
However, it doesn't ban me… Here are some of my failed login attempts as logged in the /var/log/httpd/access_log file:

```
[08/Mar/2017:16:52:01 +0100] "GET /phpmyadmin-multi/themes/pmahomme/img/input_bg.gif HTTP/1.1" 200 170 "https://192.168.1.1/phpmyadmin-multi/phpmyadmin.css.php?server=1&lang=de&collation_connection=utf8_general_ci&token=c5fb47d3bce7f6c8ea7d4ff7d765398c&js_frame=right&nocache=4239003750" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:52:32 +0100] "POST /phpmyadmin-multi/index.php HTTP/1.1" 302 - "https://192.168.1.1/phpmyadmin-multi/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:52:32 +0100] "GET /phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c HTTP/1.1" 200 6783 "https://192.168.1.1/phpmyadmin-multi/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:52:32 +0100] "GET /phpmyadmin-multi/phpmyadmin.css.php?server=1&token=c5fb47d3bce7f6c8ea7d4ff7d765398c&js_frame=right&nocache=4239003750 HTTP/1.1" 200 82340 "https://192.168.1.1/phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:52:32 +0100] "GET /phpmyadmin-multi/js/messages.php?lang=de&db=&token=c5fb47d3bce7f6c8ea7d4ff7d765398c HTTP/1.1" 200 18336 "https://192.168.1.1/phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:52:32 +0100] "GET /phpmyadmin-multi/themes/pmahomme/img/s_error.png HTTP/1.1" 200 664 "https://192.168.1.1/phpmyadmin-multi/phpmyadmin.css.php?server=1&token=c5fb47d3bce7f6c8ea7d4ff7d765398c&js_frame=right&nocache=4239003750" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:52:49 +0100] "POST /phpmyadmin-multi/index.php HTTP/1.1" 302 - "https://192.168.1.1/phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:52:49 +0100] "GET /phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c HTTP/1.1" 200 6783 "https://192.168.1.1/phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:52:57 +0100] "POST /phpmyadmin-multi/index.php HTTP/1.1" 302 - "https://192.168.1.1/phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:52:57 +0100] "GET /phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c HTTP/1.1" 200 6783 "https://192.168.1.1/phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:53:05 +0100] "POST /phpmyadmin-multi/index.php HTTP/1.1" 302 - "https://192.168.1.1/phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:53:05 +0100] "GET /phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c HTTP/1.1" 200 6783 "https://192.168.1.1/phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:53:17 +0100] "POST /phpmyadmin-multi/index.php HTTP/1.1" 302 - "https://192.168.1.1/phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0"
192.168.1.10 - - [08/Mar/2017:16:53:18 +0100] "GET /phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c HTTP/1.1" 200 6783 "https://192.168.1.1/phpmyadmin-multi/index.php?token=c5fb47d3bce7f6c8ea7d4ff7d765398c" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
```
I left the /etc/fail2ban/filter.d/phpmyadmin.conf file untouched:

```
[Definition]
#this filter is made against brute force attack to phpmyadmin
# Author Stephane de Labrusse stephdl@de-labrusse.fr
failregex =^.-..[.] "POST /phpmyadmin/index.php HTTP/1.1" 200
^.-..[.] "POST /phpmyadmin-multi/index.php HTTP/1.1" 200
^.-..[.] "GET /phpmyadmin HTTP/1.1" 401
ignoreregex =
```
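
A minimal offline check in the spirit of `fail2ban-regex`, added here as an example (it is not part of the original post or of the Nethserver filter): it runs the request and status patterns of the posted filter over log lines from the post and reports which POSTs they do not match. The `^<HOST> .*` prefix and the IPv4-only `<HOST>` expansion are assumptions, and findtime is ignored.

```python
import re
from collections import Counter

# IPv4-only stand-in for fail2ban's <HOST> tag (a simplification made for this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Request and status parts are those of the posted filter; the "^<HOST> .*" prefix
# is an assumption, since the prefix in the post is garbled.
FAILREGEX = [
    r'^<HOST> .*"POST /phpmyadmin/index\.php HTTP/1\.1" 200',
    r'^<HOST> .*"POST /phpmyadmin-multi/index\.php HTTP/1\.1" 200',
    r'^<HOST> .*"GET /phpmyadmin HTTP/1\.1" 401',
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]
POST_RE = re.compile(r'^\S+ .*"POST (\S+) HTTP/1\.1" (\d{3})')

# Lines copied from the post; query string, referer and user agent abridged in ACCESS_LOG.
SSL_ACCESS_LOG = [
    '192.168.2.103 - - [08/Mar/2017:16:33:49 +0100] "GET /phpmyadmin/favicon.ico HTTP/1.1" 200 18902',
    '192.168.2.103 - - [08/Mar/2017:16:34:12 +0100] "POST /phpmyadmin/index.php HTTP/1.1" 200 2978',
    '192.168.2.103 - - [08/Mar/2017:16:34:18 +0100] "POST /phpmyadmin/index.php HTTP/1.1" 200 2978',
    '192.168.2.103 - - [08/Mar/2017:16:34:27 +0100] "POST /phpmyadmin/index.php HTTP/1.1" 200 2978',
]
ACCESS_LOG = [
    '192.168.1.10 - - [08/Mar/2017:16:52:49 +0100] "POST /phpmyadmin-multi/index.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '192.168.1.10 - - [08/Mar/2017:16:52:49 +0100] "GET /phpmyadmin-multi/index.php HTTP/1.1" 200 6783 "-" "Mozilla/5.0"',
    '192.168.1.10 - - [08/Mar/2017:16:52:57 +0100] "POST /phpmyadmin-multi/index.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
]

def failures_per_host(lines):
    """Count lines matching any failregex, per source host (findtime is ignored)."""
    hits = Counter()
    for line in lines:
        m = next((m for m in (rx.search(line) for rx in COMPILED) if m), None)
        if m:
            hits[m.group("host")] += 1
    return hits

def unmatched_posts(lines):
    """POST requests that no failregex matches, keyed by (path, status)."""
    missed = Counter()
    for line in lines:
        m = POST_RE.search(line)
        if m and not any(rx.search(line) for rx in COMPILED):
            missed[m.groups()] += 1
    return missed

def would_ban(lines, maxretry):
    return sorted(h for h, n in failures_per_host(lines).items() if n >= maxretry)
```

On a live system the same comparison is done with `fail2ban-regex <logfile> /etc/fail2ban/filter.d/phpmyadmin.conf`.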