Mercurial > repos > other > Puppet
view common/fail2ban/ibb-apache-exploits-access.conf @ 6:b7c30595c97a
Add "Shellshock" exploit Fail2ban rule
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 28 Sep 2014 08:03:46 +0000 |
parents | 956e484adc12 |
children |
line wrap: on
line source
# Fail2Ban configuration file # # Author: IBBoard [Definition] maxretry = 2 # Option: failregex # Notes.: regex to match the password failure messages in the logfile. The # host must be matched by a group named "host". The tag "<HOST>" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # Values: TEXT # failregex = ^<HOST> .*"(?:GET|HEAD|POST) .*/(?:scripts/setup\.php|newticket|phpMyAdmin-\d\.\d\.\d|(?:(?:php)?[Mm]y[Aa]dmin[0-9]?)|[Pp][Mm][Aa]|sql(?:admin|web|manager)?|roundcube|typo3|dbadmin)[^"]*" 40[024] ^<HOST> .*"(?:GET|HEAD|POST) .*\.php/[^/"]+\.php ^<HOST> .*"(?:GET|HEAD|POST) [^\?]+\?[^\?]+=http://[^&]+(?:(?:shell|bot).php|\?\?).*" ^<HOST> .*"(?:GET|HEAD|POST) .*//wp-content/.*" ^<HOST> .*"(?:GET|HEAD|POST) .*/wp-content/uploads/200[789]/.*" ^<HOST> .*"(?:GET|HEAD|POST) /projects/[^/]+/[^"]+/newticket\ HTTP ^<HOST> .*"(?:GET|HEAD|POST) .*/wp-content/plugins/[^"]*" 40[0-4] ^<HOST> .*"(?:GET|HEAD|POST) [^"]*README[^"]*" 40[0-4] # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex = ^[^ ]+ - [^-]+ /phpmyadmin/favicon.ico