Hi should fail2ban be used to fix this? If yes how?
[core:error] [pid 34065:tid 139976658376256] [client 185.180.143.8:57526] AH10244: invalid URI path (/icons/.%2e/%2e%2e/apache2/icons/sphere1.png)
[core:error] [pid 30791:tid 139976599627328] [client 185.180.143.8:58826] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png)
[core:error] [pid 30792:tid 139976608020032] [client 185.180.143.8:60252] AH10244: invalid URI path (/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png)
[core:error] [pid 93149:tid 139976557663808] [client 199.195.250.129:51770] AH10244: invalid URI path (/cgi-bin/../../../../bin/sh)
I found some threads but I’m not sure which suggestion is right to use.
For example this stackoverflow thread suggests modifying apache-noscript.conf but DigitalOcean says don’t use it if using PHP? I am using a PHP WordPress website.
The
[apache-noscript]jail is used to ban clients that are searching for scripts on the website to execute and exploit. If you do not use PHP or any other language in conjunction with your web server, you can enable this jail to ban those who request these types of resources
source: How To Protect an Apache Server with Fail2Ban on Ubuntu 14.04 | DigitalOcean
If anyone can help that would be much appreciated.
Thank you