Skip to content

Instantly share code, notes, and snippets.

@skyway22

skyway22/access.log

Last active January 19, 2026 15:30
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save skyway22/d6ee70adc7b98f464dab56dfdaaa3c38 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save skyway22/d6ee70adc7b98f464dab56dfdaaa3c38 to your computer and use it in GitHub Desktop.
Download ZIP
fail2ban
Raw
access.log
68.155.153.238 - - [19/Jan/2026:14:12:15 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:16 +0200] "GET /ver.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:17 +0200] "GET /ultra.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:18 +0200] "GET /pro.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:19 +0200] "GET /wp-good.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:20 +0200] "GET /e.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:21 +0200] "GET /data.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:22 +0200] "GET /abcd.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:23 +0200] "GET /z.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:24 +0200] "GET /css.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:25 +0200] "GET /image.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:26 +0200] "GET /file22.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:27 +0200] "GET /check.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:28 +0200] "GET /wp-header-json.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:29 +0200] "GET /fm.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:30 +0200] "GET /1.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:31 +0200] "GET /ws.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:32 +0200] "GET /xxxx.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:33 +0200] "GET /wp-configs.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:34 +0200] "GET /xmlrpc.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:35 +0200] "GET /file56.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:36 +0200] "GET /990.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:37 +0200] "GET /error.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:38 +0200] "GET /admin.php HTTP/1.1" 404 146 "-" "-"
68.155.153.238 - - [19/Jan/2026:14:12:39 +0200] "GET /bless.php HTTP/1.1" 404 146 "-" "-"
Raw
jail.local
[my-botscan]
enabled = true
maxretry = 2
findtime = 1m
bantime = 730d
Raw
my-botscan.conf
[DEFAULT]
logtype = file
[Definition]
_daemon = nginx
# PHP scan bots
failregex = (?i)^<HOST>.*(GET|POST|HEAD) \/.*.php.HTTP\/1.1\".404
ignoreregex =
journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
Raw
regex_test
Running tests
=============
Use failregex line : (?i)^<HOST>.*(GET|POST|HEAD) \/.*.php.HTTP\/1.1\".404
Use log file : /var/log/nginx/access.log
Use encoding : UTF-8
Results
=======
Failregex: 25 total
|- #) [# of hits] regular expression
| 1) [25] (?i)^<HOST>.*(GET|POST|HEAD) \/.*.php.HTTP\/1.1\".404
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [365] Day(?P<_sep>[-/])MON(?P=_sep)ExYear[ :]?24hour:Minute:Second(?:\.Microseconds)?(?: Zone offset)?
`-
Lines: 365 lines, 0 ignored, 25 matched, 340 missed
[processed in 0.48 sec]
|- Matched line(s):
| 68.155.153.238 - - [19/Jan/2026:14:12:15 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:16 +0200] "GET /ver.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:17 +0200] "GET /ultra.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:18 +0200] "GET /pro.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:19 +0200] "GET /wp-good.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:20 +0200] "GET /e.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:21 +0200] "GET /data.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:22 +0200] "GET /abcd.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:23 +0200] "GET /z.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:24 +0200] "GET /css.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:25 +0200] "GET /image.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:26 +0200] "GET /file22.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:27 +0200] "GET /check.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:28 +0200] "GET /wp-header-json.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:29 +0200] "GET /fm.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:30 +0200] "GET /1.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:31 +0200] "GET /ws.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:32 +0200] "GET /xxxx.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:33 +0200] "GET /wp-configs.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:34 +0200] "GET /xmlrpc.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:35 +0200] "GET /file56.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:36 +0200] "GET /990.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:37 +0200] "GET /error.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:38 +0200] "GET /admin.php HTTP/1.1" 404 146 "-" "-"
| 68.155.153.238 - - [19/Jan/2026:14:12:39 +0200] "GET /bless.php HTTP/1.1" 404 146 "-" "-"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment