Detect and stop 404 request attacks with Fail2Ban and NGINX Access Logs




A common tactic used by attackers and other visitors behaving suspiciously is to run a script against your website that crawls through a pre-populated list of URIs. Whether your website responds with a 200 or a 404 gives them insight into your site's tech stack and reveals whether the site allows access to areas that should not be exposed to the outside world.

This behavior, with its rapid succession of requests, can easily tie up your server's resources, slowing down your site as well as other sites hosted on the same server.

This behavior can easily be detected and blocked by using Fail2Ban.

For this video, I provisioned a new server with cleavr.io, added a default WordPress site, and added my SSH key.

Cleavr automatically installs and pre-configures Fail2Ban. Catching 404 abuse isn't pre-configured, though, as this solution may not be desirable for all use cases.

However, it is a simple and straightforward option if this type of attack is impacting your servers.
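The detection described above comes down to counting 404 responses per client IP inside a sliding time window. The following added example (not from the original post, and not Fail2Ban's own code) applies that logic to constructed NGINX access log lines so thresholds can be tried out before any ban is configured; the `maxretry` and `findtime` defaults, the combined log format, and the sample IPs and paths are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# NGINX "combined" log format: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

def find_404_offenders(lines, maxretry=5, findtime=60):
    """Return {ip: time of ban} for clients with >= maxretry 404s in findtime seconds.

    The parameter names follow the Fail2Ban jail options of the same name;
    the default values are assumptions, tune them to your own traffic.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of its recent 404s
    banned = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404" or m["ip"] in banned:
            continue              # unparsable line, non-404, or already banned
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # drop 404s that fell out of the window
            hits.popleft()
        if len(hits) >= maxretry:
            banned[m["ip"]] = ts
    return banned

def sample_line(ip, second, path, status):
    # Constructed sample log line (not taken from a real server).
    return (f'{ip} - - [10/Mar/2024:12:{second // 60:02d}:{second % 60:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 153 "-" "sample-agent"')

SAMPLE = (
    # Scripted probe: six 404s in six seconds from one address.
    [sample_line("203.0.113.10", s, f"/probe-{s}.php", 404) for s in range(6)]
    # Ordinary visitor hitting a dead link once every 90 seconds.
    + [sample_line("198.51.100.7", s * 90, "/old-link", 404) for s in range(6)]
    + [sample_line("198.51.100.7", 5, "/", 200)]
)

if __name__ == "__main__":
    for ip, when in find_404_offenders(SAMPLE).items():
        print(f"would ban {ip} at {when:%H:%M:%S}")
```

Running it against a copy of a real access log shows which addresses a given threshold would have banned, which helps avoid blocking crawlers or visitors that merely follow a few broken links.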
