On CentOS 6 i use a simple regex on httpd error_log to ban bots, something that looks like this :
Code: Select all
failregex = \[client <HOST>\] File does not exist:.*(?i)phpmyadmin.*
Code: Select all
/usr/bin/fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache-phpmyadmin.conf
Code: Select all
[Tue Jan 19 11:03:48.723037 2016] [core:info] [pid 26936] [client ip_adress_removed:13027] AH00128: File does not exist: /var/www/html/phpmyadmin
Code: Select all
[Mon Jan 18 19:27:26 2016] [error] [client ip_adress_removed] File does not exist: /var/www/html/phpmyadmin