[ic] Anyone try fail2ban on IC error log

DB db at m-and-d.com
Mon Feb 11 21:56:38 UTC 2013


I had an attacker placing fake orders on my site - I think testing to
see which credit card numbers are able to be charged. I set up fail2ban
to watch my webserver access logs, but I think it would also be good to
have fail2ban watch my IC error log.

A line of interest would look like (with ugly wrapping)

1.2.3.4 djCHxDwE:1.2.3.4 - [11/February/2013:04:23:45 -0500] store
/cgi-bin/store/ process.html Safe: Real-time charge failed. Reason:

I'm having trouble cooking up a fail2ban failregex. Here is what I have
so far which does not work.

failregex = ^<HOST> .* - \[.*\] store .*

Perhaps this is more of a regex question than an IC question, but the
solution could benefit other IC users so I thought it worth asking.

Normally when I ask a question here the answer right away becomes
obvious to me. If that happens as usual I will post an update.

DB
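
Added example, not part of the original post and not fail2ban or Interchange code: an offline Python check of a candidate failregex keyed to the "Real-time charge failed" text, with a maxretry/findtime style count per IP. The sample lines are constructed from the format quoted above; the IPv4-only stand-in for <HOST>, the `ts` group (used only by this script for its own timestamp parsing), and the threshold values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption, offline use only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Candidate pattern: match only charge failures in the "store" catalog,
# not every line that catalog logs. The ts group exists for this script only.
FAILREGEX = r"^<HOST> \S+ - \[(?P<ts>[^\]]+)\] store .*Real-time charge failed\."
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

# Full month name, as in the quoted log line.
TS_FORMAT = "%d/%B/%Y:%H:%M:%S %z"

# Constructed sample lines (unwrapped), modelled on the line in the post.
SAMPLE_LOG = """\
1.2.3.4 djCHxDwE:1.2.3.4 - [11/February/2013:04:23:45 -0500] store /cgi-bin/store/ process.html Safe: Real-time charge failed. Reason:
1.2.3.4 djCHxDwE:1.2.3.4 - [11/February/2013:04:24:10 -0500] store /cgi-bin/store/ process.html Safe: Real-time charge failed. Reason:
192.0.2.10 aBcDeFgH:192.0.2.10 - [11/February/2013:04:24:30 -0500] store /cgi-bin/store/ index.html constructed unrelated message
1.2.3.4 djCHxDwE:1.2.3.4 - [11/February/2013:04:25:02 -0500] store /cgi-bin/store/ process.html Safe: Real-time charge failed. Reason:
198.51.100.7 zYxWvUtS:198.51.100.7 - [11/February/2013:04:26:00 -0500] store /cgi-bin/store/ process.html Safe: Real-time charge failed. Reason:
"""


def parse_failures(log_text):
    """Return (host, timestamp) for each line the candidate pattern matches."""
    hits = []
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m:
            hits.append((m.group("host"), datetime.strptime(m.group("ts"), TS_FORMAT)))
    return hits


def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Hosts with at least maxretry failures inside a findtime window.
    Assumes the log lines are in chronological order."""
    recent = defaultdict(list)
    flagged = set()
    for host, ts in parse_failures(log_text):
        # Keep only this host's failures that are still inside the window.
        recent[host] = [t for t in recent[host] if ts - t <= findtime] + [ts]
        if len(recent[host]) >= maxretry:
            flagged.add(host)
    return flagged


if __name__ == "__main__":
    print(sorted(offenders(SAMPLE_LOG)))
```
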


