1. 不要直接就<HOST>開頭
2. 然後 "PHP Notice:Undefined" 少了一個空白, 應該是"PHP Notice: Undefined"
3. 然後 client <HOST>.* PHP Notice: Undefined index: \S+ in /var/www/html/hackerproof/login.php on line

fail2ban 他有很多段,不至於擋不到,差別在於他判斷的log是不是你目前程式裡面有寫到的log裡面

detect password authentication failures

[apache]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/httpd/*error_log
maxretry = 6

detect spammer robots crawling email addresses

[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
logpath = /var/log/httpd/*access_log
bantime = 172800
maxretry = 1

detect potential search for exploits and php vulnerabilities

[apache-noscript]
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/log/httpd/*error_log
maxretry = 6

detect Apache overflow attempts

[apache-overflows]
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/log/httpd/*error_log
maxretry = 2

detect failures to find a home directory on a server

[apache-nohome]
enabled = true
port = http,https
filter = apache-nohome
logpath = /var/log/httpd/*error_log
maxretry = 2

detect failures to execute non-existing scripts that

are associated with several popular web services

e.g. webmail, phpMyAdmin, WordPress

port = http,https
filter = apache-botsearch
logpath = /var/log/httpd/*error_log
maxretry = 2