Steps to reproduce
- Open ownCloud log.
From the log, it is apparent that bots are using different methods to break into the server. Fail2Ban is not able to block these IPs, either because it can’t see them from the log, or (most likely) because the same IP stops after 2 attempts, while it is set to block after 4 failed attempts.
Fail2Ban has been tested and is working correctly for failed authentications. Is there a way to immediately block any IP using a method that is not POST?
Server configuration
Operating system: Linux Mint 20.1 Mate
Web server: Apache2
Database: mysql
PHP version: 7.4.15
ownCloud version: (see ownCloud admin page) 10.6.0.5
Updated from an older ownCloud or fresh install: fresh install
Where did you install ownCloud from: repository
Signing status (ownCloud 9.0 and above):
No errors have been found.
The content of config/config.php:
Are you using external storage, if yes which one: smb
Are you using encryption: no
Are you using an external user-backend, if yes which one: no
ownCloud log (data/owncloud.log)
{"reqId":"9r672pDZQwON9xlGCH2i","level":3,"time":"2021-02-26T00:10:47+00:00","remoteAddr":"40.127.160.79","user":"--","app":"PHP","method":"CONNECT","url":null,"message":"Undefined index: path at \/var\/www\/owncloud\/lib\/private\/AppFramework\/Http\/Request.php#620"}
{"reqId":"9r672pDZQwON9xlGCH2i","level":3,"time":"2021-02-26T00:10:47+00:00","remoteAddr":"40.127.160.79","user":"--","app":"PHP","method":"CONNECT","url":null,"message":"Undefined index: path at \/var\/www\/owncloud\/lib\/private\/AppFramework\/Http\/Request.php#620"}
{"reqId":"9r672pDZQwON9xlGCH2i","level":2,"time":"2021-02-26T00:10:47+00:00","remoteAddr":"40.127.160.79","user":"--","app":"core","method":"CONNECT","url":null,"message":"Trusted domain error. \"40.127.160.79\" tried to access using \"ver.movistarplus.es:443\" as host."}
{"reqId":"Y10bDpQkugKytAp41IYi","level":2,"time":"2021-02-26T02:04:01+00:00","remoteAddr":"89.248.168.219","user":"--","app":"core","method":"HEAD","url":"\/","message":"Trusted domain error. \"89.248.168.219\" tried to access using \"127.0.1.1\" as host."}
{"reqId":"zg4yalZnTD7xhH4M2RMx","level":2,"time":"2021-02-26T02:46:19+00:00","remoteAddr":"89.248.168.219","user":"--","app":"core","method":"HEAD","url":"\/","message":"Trusted domain error. \"89.248.168.219\" tried to access using \"127.0.1.1\" as host."}
{"reqId":"5VpsAOH2nuZzCwjajr6j","level":2,"time":"2021-02-26T03:25:47+00:00","remoteAddr":"5.188.210.227","user":"--","app":"core","method":"GET","url":"\/echo.php","message":"Trusted domain error. \"5.188.210.227\" tried to access using \"5.188.210.227\" as host."}
{"reqId":"JRiLviZyLZ3Ph6G7rKN0","level":2,"time":"2021-02-26T09:32:48+00:00","remoteAddr":"89.248.168.219","user":"--","app":"core","method":"HEAD","url":"\/","message":"Trusted domain error. \"89.248.168.219\" tried to access using \"127.0.1.1\" as host."}
{"reqId":"txwYe0SD1iUFfwOhYB9o","level":2,"time":"2021-02-26T20:06:34+00:00","remoteAddr":"178.128.169.213","user":"--","app":"core","method":"GET","url":"\/wp-login.php","message":"Trusted domain error. \"178.128.169.213\" tried to access using \"static-90-255-228-216.vodafonexdsl.co.uk\" as host."}
{"reqId":"oM04BUPzRz9QKhyXmtes","level":2,"time":"2021-02-26T20:40:53+00:00","remoteAddr":"172.105.89.161","user":"--","app":"core","method":"GET","url":"\/0bef","message":"Trusted domain error. \"172.105.89.161\" tried to access using \"127.0.1.1\" as host."}
{"reqId":"8bOLwhCdc4zpTvjhTf9u","level":2,"time":"2021-02-26T20:41:53+00:00","remoteAddr":"222.186.136.150","user":"--","app":"core","method":"GET","url":"\/404\/index.html","message":"Trusted domain error. \"222.186.136.150\" tried to access using \"fuwu.sogou.com\" as host."}
{"reqId":"MEmnU7lLoryjpLt8aIqE","level":2,"time":"2021-02-26T20:41:53+00:00","remoteAddr":"222.186.136.150","user":"--","app":"core","method":"GET","url":"\/404\/index.html","message":"Trusted domain error. \"222.186.136.150\" tried to access using \"fuwu.sogou.com\" as host."}
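An added example, not part of the original report and not ownCloud or Fail2Ban code: it parses log lines in the format above and compares which addresses a ban threshold of 4 versus 1 would catch when the match is the "Trusted domain error" message that every probe in the log triggers, rather than the HTTP method (ownCloud clients themselves use GET, PUT and PROPFIND). The sample lines, IPs and function names are constructed for illustration, and the Fail2Ban time window (findtime) is ignored, so the counts are an upper bound.

```python
import json
from collections import Counter

# Constructed sample in the log format above (documentation-range IPs, made-up reqIds).
SAMPLE_LOG = r'''
{"reqId":"a1","level":2,"time":"2021-02-26T02:04:01+00:00","remoteAddr":"192.0.2.10","user":"--","app":"core","method":"HEAD","url":"\/","message":"Trusted domain error. \"192.0.2.10\" tried to access using \"127.0.1.1\" as host."}
{"reqId":"a2","level":2,"time":"2021-02-26T02:46:19+00:00","remoteAddr":"192.0.2.10","user":"--","app":"core","method":"HEAD","url":"\/","message":"Trusted domain error. \"192.0.2.10\" tried to access using \"127.0.1.1\" as host."}
{"reqId":"a3","level":2,"time":"2021-02-26T09:32:48+00:00","remoteAddr":"192.0.2.10","user":"--","app":"core","method":"HEAD","url":"\/","message":"Trusted domain error. \"192.0.2.10\" tried to access using \"127.0.1.1\" as host."}
{"reqId":"b1","level":3,"time":"2021-02-26T00:10:47+00:00","remoteAddr":"198.51.100.7","user":"--","app":"PHP","method":"CONNECT","url":null,"message":"Undefined index: path at \/var\/www\/owncloud\/lib\/private\/AppFramework\/Http\/Request.php#620"}
{"reqId":"b1","level":2,"time":"2021-02-26T00:10:47+00:00","remoteAddr":"198.51.100.7","user":"--","app":"core","method":"CONNECT","url":null,"message":"Trusted domain error. \"198.51.100.7\" tried to access using \"example.test:443\" as host."}
{"reqId":"c1","level":2,"time":"2021-02-26T20:06:34+00:00","remoteAddr":"203.0.113.5","user":"--","app":"core","method":"GET","url":"\/wp-login.php","message":"Trusted domain error. \"203.0.113.5\" tried to access using \"example.test\" as host."}
{"reqId":"c2","level":2,"time":"2021-02-26T20:41:53+00:00","remoteAddr":"203.0.113.9","meth
'''

PROBE_PREFIX = "Trusted domain error."


def probe_hits(log_text):
    """Count 'Trusted domain error' entries per remoteAddr."""
    hits = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line: skip it, do not guess
        if not isinstance(entry, dict):
            continue
        message = entry.get("message")
        if isinstance(message, str) and message.startswith(PROBE_PREFIX):
            hits[entry.get("remoteAddr", "unknown")] += 1
    return hits


def ips_to_ban(log_text, maxretry):
    """Addresses with at least `maxretry` probe entries (findtime ignored)."""
    return sorted(ip for ip, n in probe_hits(log_text).items() if n >= maxretry)


if __name__ == "__main__":
    for threshold in (4, 1):
        print(threshold, ips_to_ban(SAMPLE_LOG, threshold))
```

In Fail2Ban terms this corresponds to a separate jail for the ownCloud log whose filter matches the "Trusted domain error" message, with maxretry set to 1, alongside the existing jail for failed authentications.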