annotate common/fail2ban/ibb-apache-exploits-instaban.conf @ 130:eb32a4978a7c puppet-3.6

Be less aggressive with blocking on the grounds of SPF
author IBBoard <dev@ibboard.co.uk>
date Thu, 06 Oct 2016 19:02:30 +0100
parents 956e484adc12
children
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>

# Fail2Ban configuration file
#
# Author: IBBoard

[Definition]

# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = ^<HOST> .*"(?:GET|HEAD|POST) .*/proc/self/environ.*"
            ^<HOST> .*"(?:GET|HEAD|POST) /w00tw00t\.at\..+\:\).*"
            ^<HOST> .*"(?:GET|HEAD|POST) .*\?module=http(?:s)?:.*
            ^<HOST> .*"(?:GET|HEAD|POST) .*\?write.phpdir=http(?:s)?:.*
            ^<HOST> .*"(?:GET|HEAD|POST) .*\?src=http(?:s)?:.*
            ^<HOST> .*"(?:GET|HEAD|POST) .*ivrrecording.php.*"
            ^<HOST> .*"(?:GET|HEAD|POST) .*\?php=info&ip=uname.*"
            ^<HOST> .*"(?:GET|HEAD|POST) .*\?input_file=http(?:s)?://.*
            ^<HOST> .*"(?:GET|HEAD|POST) .*\?dir=http(?:s)?://.*
            ^<HOST> .*"(?:GET|HEAD|POST) .*\?f=http(?:s)?://.*
            ^<HOST> .*"(?:GET|HEAD|POST) .*([\+-]{5,})Result.*"
            ^<HOST> .*"(?:GET|HEAD|POST) .*onmousedown=%%22
            ^<HOST> .*"(?:GET|HEAD|POST) .*/bin/msgimport.*"
            ^<HOST> .* " " [2-5]
            ^<HOST> .*"(?:GET|HEAD|POST) .*//filemanager/.*"
            ^<HOST> .*"(?:GET|HEAD|POST) .*//php[Mm]y[Aa]dmin.*"
            ^<HOST> .*"(?:GET|HEAD|POST) .*///wp-content/themes/.*"
            ^<HOST> .*"(?:GET|HEAD|POST) .*\?[^"]+union(?:%%20|\+)select.*
            ^<HOST> .*"(?:GET|HEAD|POST) .*\?[^"]+\+(?:and|or)\+(?:1|%%2[27][xy]%%2[27])%%3D(?:1|%%2[27][xy]%%2[27]).*
            ^<HOST> .*"(?:GET|HEAD|POST) .*\?[^"]+\?\?\?
            ^<HOST> .*"(?:GET|HEAD|POST) .*%%5BPLM=.*
            ^<HOST> .*"(?:GET|HEAD|POST) /config/[^\.]+\.php\?[^"]+&sid=[a-z0-9]+
            ^<HOST> .*\?.*(?:\.\./|%%2E%%2E%%2F){3,}.*%%00
            ^<HOST> .*"\\x16\\x03\\x01"
            ^<HOST> .*"PROPFIND /[^%%/"]%%24
            ^<HOST> .*"(?:GET|HEAD|POST) /manager/status [^"]*" 404
            ^<HOST> .*"(?:GET|HEAD|POST) [^"]*allow_url_include%%3d1.*
            ^<HOST> .*"(?:GET|HEAD|POST) .*php://.*
            ^<HOST> .*"CONNECT
            ^<HOST> .*"POST "
            ^<HOST> .*"(?:GET|POST) /[^"]+\.php.*174\.123\.231\.2(?:29|30)
            ^<HOST> .*"(?:GET|HEAD|POST)[^"]+" 402

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
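
Added example (not part of the repository): a Python check that expands the `<HOST>` alias quoted in the header comment, undoes the `%%` config escaping, and runs five of the failregex lines over constructed Apache access-log lines. The log lines, addresses and function names are assumptions; fail2ban also strips the timestamp before matching, which these patterns do not depend on.

```python
import re

# <HOST> alias as quoted in the filter's header comment.
HOST = r'(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)'

# Five failregex lines copied from the filter as raw config text ("%%" still doubled).
RULES = [
    r'^<HOST> .*"(?:GET|HEAD|POST) .*/proc/self/environ.*"',
    r'^<HOST> .*"(?:GET|HEAD|POST) .*\?[^"]+union(?:%%20|\+)select.*',
    r'^<HOST> .*"(?:GET|HEAD|POST) .*//php[Mm]y[Aa]dmin.*"',
    r'^<HOST> .*"CONNECT',
    r'^<HOST> .*"(?:GET|HEAD|POST)[^"]+" 402',
]

# Constructed access-log lines (documentation address ranges), not real traffic.
TS = '[06/Oct/2016:19:02:30 +0100]'
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /index.php?page=/proc/self/environ HTTP/1.1" 404 512',
    f'198.51.100.7 - - {TS} "GET /item.php?id=1%20union%20select%201 HTTP/1.1" 200 1024',
    f'203.0.113.5 - - {TS} "GET /blog/union-select-explained.html HTTP/1.1" 200 2048',
    f'192.0.2.44 - - {TS} "CONNECT mail.example.net:25 HTTP/1.0" 405 230',
    f'::ffff:192.0.2.99 - - {TS} "GET //phpMyAdmin/index.php HTTP/1.1" 404 300',
]

def compile_rule(raw):
    """Undo config interpolation escaping (%% -> %) and expand the <HOST> tag."""
    return re.compile(raw.replace('%%', '%').replace('<HOST>', HOST))

def banned_hosts(lines, rules=RULES):
    """Return the captured host for every line that any rule matches."""
    compiled = [compile_rule(r) for r in rules]
    hits = []
    for line in lines:
        match = next((m for m in (rx.search(line) for rx in compiled) if m), None)
        if match:
            hits.append(match.group('host'))
    return hits

if __name__ == '__main__':
    for host in banned_hosts(SAMPLE_LOG):
        print('would ban', host)
```

The third sample line is a benign URL containing "union-select" and is not matched, because the rule requires the keyword inside a query string; the last line shows the IPv4-mapped prefix being dropped from the captured host.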