# Apache2 deny hosts after repeated proxy attempts.

## potuz

Hello, I am very new to hosting a small websiste and am slowly reading through the documentation on Apache. I started the server after a basic setup and quickly after I found these kinds of appearances in the logs:

```
115.230.124.174 - - [05/Nov/2015:01:55:12 -0200] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.1499531140925143 HTTP/1.1" 403 280

5.196.75.95 - - [04/Nov/2015:23:02:10 -0200] "GET /muieblackcat HTTP/1.1" 404 275

5.196.75.95 - - [04/Nov/2015:23:02:10 -0200] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 291

5.196.75.95 - - [04/Nov/2015:23:02:11 -0200] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 291

5.196.75.95 - - [04/Nov/2015:23:02:11 -0200] "GET //pma/scripts/setup.php HTTP/1.1" 404 284

5.196.75.95 - - [04/Nov/2015:23:02:11 -0200] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 288

5.196.75.95 - - [04/Nov/2015:23:02:12 -0200] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 404 288

141.212.122.112 - - [04/Nov/2015:22:10:34 -0200] "CONNECT proxytest.zmap.io:80 HTTP/1.1" 405 302

```

which sound like a couple of spammers and perhaps some Windows Zombie in France looking for holes in my PHP conf. I figured I'd like to automatically block such attempts and thought of denyhosts. However, I stumbled upon this thread and realized that even my sshd was not being protected by denyhosts from brute-force attacks. So I am asking here specifically for Apache, how can I automatically add these hosts to a blacklist? and first how can I have a blacklist?

Thanks

----------

## hdcg

Hi potuz,

tools like fail2ban (https://packages.gentoo.org/packages/net-analyzer/fail2ban) are your friend here.

fail2ban monitors your logs and in case of malicious messages a firewall rule is issued to keep the causing ip out.

Best Regards,

Holger

----------

## Syl20

You should consider mod_security and mod_evasive too.  :Wink: 

----------

