I installed and setup fail2ban jails on CentOS 7. In the most part it works fine, BUT... There's always the BUT part. In my server logwatch I get the following: /invoker/readonly: 1 Time(s) /jenkins/login: 1 Time(s) /localstart.html: 1 Time(s) /login.php: 1 Time(s) /manage: 1 Time(s) /manage/: 1 Time(s) /manage/AdminLogin.htm: 1 Time(s) /manage/AdminLogin.html: 1 Time(s) /manage/admin: 1 Time(s) /manage/admin/admin: 1 Time(s) /manage/adminlogin.html: 1 Time(s) /manage/adminlogin1.php: 1 Time(s) /manage/admlogin.php: 1 Time(s) /manage/edit/admin_login.php: 1 Time(s) /manage/eweb/admin_login.php: 1 Time(s) /manage/htmedit/admin_login.php: 1 Time(s) /manage/login: 1 Time(s) /manage/login/login: 1 Time(s) /manage/login/login.php: 1 Time(s) /manage/loginadm.php: 1 Time(s) /manage/loginadministrator.php: 1 Time(s) /manage/webedit/admin_login.php: 1 Time(s) /manage/z9v8login.php: 1 Time(s) /managelogin.php: 1 Time(s) /manager.php: 1 Time(s) /manager/html: 1 Time(s) /menu.aspx: 1 Time(s) /menu.pl: 1 Time(s) /my-login.php: 1 Time(s) /mymanage/member_toadmin.php: 1 Time(s) /mymanage/sys_admin_user.php: 1 Time(s) /mymanage/sys_admin_user_add.php: 1 Time(s) /mymanage/sys_admin_user_edit.php: 1 Time(s) /mymanage/sys_admin_user_tj.php: 1 Time(s) /mymanage/yuyue_admin.php: 1 Time(s) Obviously this isn't getting covered by one of the Jails. Which Jail should I be using to stop assholes like this?
You would probably need to create a jail to catch those, or search for some you could add it modify as needed; I doubt they are included in the default/example jails that so with your OS.
There is some quite good info teaching how to do that I've seen in the past; a quick google search finds https://fail2ban.readthedocs.io/en/latest/filters.html which looks to explain things.
