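To make fail2ban monitor Roundcube 0.8+ authentication failures logged to logs/errors, add this to
/etc/fail2ban/jail.conf or /etc/fail2ban/jail.local:

# The jail needs a section header; the name in brackets is your choice.
[roundcube]
enabled = true
port = http,https
# "filter = roundcube" loads /etc/fail2ban/filter.d/roundcube.conf
filter = roundcube
logpath = /var/lib/roundcube/logs/errors
maxretry = 3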
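
How a jail like the one above decides to ban, as an added Python sketch (not part of the original page and not fail2ban's own code): failures matched by the filter are counted per host inside a sliding time window, and a host is banned when it reaches maxretry. The log line shape, the regex, and the 600-second findtime are assumptions; the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# ASSUMED Roundcube failed-login line shape; adjust to what your logs/errors file contains.
FAILREGEX = re.compile(
    r"^\[(?P<ts>[^\]]+)\]: IMAP Error: Login failed for \S+ "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3})\."
)
TS_FORMAT = "%d-%b-%Y %H:%M:%S %z"
MAXRETRY = 3                       # maxretry from the jail above
FINDTIME = timedelta(seconds=600)  # assumed: fail2ban's stock default, not set on the page

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
[21-Mar-2013 10:00:01 +0000]: IMAP Error: Login failed for alice from 192.0.2.10. AUTHENTICATE PLAIN: Authentication failed.
[21-Mar-2013 10:00:05 +0000]: IMAP Error: Login failed for bob from 203.0.113.5. AUTHENTICATE PLAIN: Authentication failed.
[21-Mar-2013 10:00:09 +0000]: IMAP Error: Login failed for alice from 192.0.2.10. AUTHENTICATE PLAIN: Authentication failed.
[21-Mar-2013 10:00:12 +0000]: PHP Error: constructed unrelated entry
[21-Mar-2013 10:00:15 +0000]: IMAP Error: Login failed for admin from 192.0.2.10. AUTHENTICATE PLAIN: Authentication failed.
[21-Mar-2013 10:01:00 +0000]: IMAP Error: Login failed for carol from 198.51.100.7. AUTHENTICATE PLAIN: Authentication failed.
[21-Mar-2013 10:02:00 +0000]: IMAP Error: Login failed for carol from 198.51.100.7. AUTHENTICATE PLAIN: Authentication failed.
[21-Mar-2013 10:08:00 +0000]: IMAP Error: Login failed for bob from 203.0.113.5. AUTHENTICATE PLAIN: Authentication failed.
[21-Mar-2013 10:20:00 +0000]: IMAP Error: Login failed for bob from 203.0.113.5. AUTHENTICATE PLAIN: Authentication failed.
"""

def banned_hosts(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts in the order they reach maxretry failures within findtime."""
    recent = defaultdict(list)
    banned = []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue  # unrelated error-log entries never count toward a ban
        when = datetime.strptime(m["ts"], TS_FORMAT)
        host = m["host"]
        # Keep only failures still inside the sliding findtime window.
        recent[host] = [t for t in recent[host] if when - t < findtime] + [when]
        if len(recent[host]) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(banned_hosts(SAMPLE_LOG.splitlines()))
```

Against a real log, `fail2ban-regex /var/lib/roundcube/logs/errors /etc/fail2ban/filter.d/roundcube.conf` reports how many lines the installed filter actually matches.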



Some websites are still being hit with the infamous “w00tw00t” scans. You might see these scans in your logs as:

... "GET / HTTP/1.1" 400 ...

