Fail2Ban Custom filters and Testing Regex’s against existing Logs

Fail2ban is a tool that can automatically ban malicious bots trying to get into your server. Provided you set up filters and the IP address is logged, you can use fail2ban with any application.

fail2ban is built with Python 2.7.

Create a filter, using a regular expression:

In /etc/fail2ban/filter.d/my-custom-filter.conf:


[Definition]
failregex = ^<HOST> -.* "POST \/user\/register HTTP\/1.0" 200

ignoreregex =

Now you want to test this for matches against a log file. Ensure that the log file has existing matches.

Make use of the command line tool fail2ban-regex:

fail2ban-regex /var/log/apache2/example-access.log /etc/fail2ban/filter.d/my-custom-filter.conf

You will get summary data like this:

Running tests

Use   failregex file : /etc/fail2ban/filter.d/my-custom-filter.conf
Use         log file : /var/log/apache2/example-access.log


Failregex: 1 total
|-  #) [# of hits] regular expression
|   1) [1] ^<HOST> -.* "POST \/user\/register HTTP\/1.0" 200

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [23636] Day/MONTH/Year:Hour:Minute:Second

Lines: 23636 lines, 0 ignored, 1 matched, 23635 missed
Missed line(s): too many to print.  Use --print-all-missed to print all 23635 lines

This lets you debug your filter's regular expression and confirm that it matches the malicious log entries.


Finally, add the new filter to your jail.local by appending the following:

# The section header names the jail; this name is an example, pick your own
[my-custom-filter]
enabled  = true
filter   = my-custom-filter
action   = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath  = /var/log/apache2/example-access.log
banTime  = 864000
findtime = 1800
maxRetry = 3

You can read more about the configuration of jails in the manual.
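The following added example (not part of the original post and not fail2ban's own code) applies the failregex above to constructed log lines and counts hits per host against the jail's findtime and maxRetry values. The `<HOST>` expansion, the sample lines and the name `would_ban` are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex from the filter above; <HOST> is fail2ban's placeholder for the client address.
FAILREGEX = r'^<HOST> -.* "POST \/user\/register HTTP\/1.0" 200'
# Assumption: simplified stand-in for fail2ban's own <HOST> expansion.
HOST_GROUP = r'(?P<host>[\w\-.:]+)'
FINDTIME, MAXRETRY = 1800, 3  # seconds / hit count, taken from the jail above
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST_GROUP))
STAMP = re.compile(r'\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) ')

# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2014:10:00:01 +0000] "POST /user/register HTTP/1.0" 200 5120
198.51.100.9 - - [12/Mar/2014:10:00:05 +0000] "POST /user/register HTTP/1.0" 200 5120
198.51.100.4 - - [12/Mar/2014:10:01:00 +0000] "GET /user/register HTTP/1.1" 200 4988
203.0.113.7 - - [12/Mar/2014:10:05:10 +0000] "POST /user/register HTTP/1.0" 200 5120
192.0.2.55 - - [12/Mar/2014:10:06:00 +0000] "POST /user/register HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2014:10:09:30 +0000] "POST /user/register HTTP/1.0" 200 5120
198.51.100.9 - - [12/Mar/2014:10:20:00 +0000] "POST /user/register HTTP/1.0" 200 5120
198.51.100.9 - - [12/Mar/2014:10:45:00 +0000] "POST /user/register HTTP/1.0" 200 5120
"""

def would_ban(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return {host: time of the hit that reaches maxretry within findtime}."""
    hits, banned = defaultdict(deque), {}
    for line in lines:
        m = PATTERN.search(line)
        ts = STAMP.search(line)
        if not m or not ts:
            continue  # a "missed" line in fail2ban-regex terms
        host = m.group('host')
        when = datetime.strptime(ts.group(1), '%d/%b/%Y:%H:%M:%S')
        window = hits[host]
        window.append(when)
        # Drop hits that have fallen out of the findtime window.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned[host] = when
    return banned

if __name__ == '__main__':
    for host, when in would_ban(SAMPLE_LOG.splitlines()).items():
        print(host, 'would be banned at', when)
```

The registration request sent over HTTP/1.1 is missed because the failregex only matches HTTP/1.0, and the host whose three hits are spread over 45 minutes stays under the 1800-second findtime window.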

Setting up Yii Environment on your Server

How to set up Yii on your server environment

1. Make sure your vhost is set up correctly; on Debian/Ubuntu that is /etc/apache2/sites-available/sitename

Options FollowSymLinks -Indexes Includes
AllowOverride All

2. Set your include path in php.ini, that is etc/php/apache2/php.ini

; UNIX: "/path1:/path2"
include_path = ".:/usr/share/library"

3. Download; get the URL from the Yii Download Page


4. Unzip

tar -xzvf file.tar.gz

5. Change name, Set Permissions, Restart Apache:

mv yii-1.14e2938u123 yii
chown www-data:www-data yii/
chmod -R 755 yii/
service apache2 restart

6. Finally, you still need to give the exact directory of yii.php in index.php: