github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

ENH: add apache-botsearch. Closes gh-544

pull/556/head
Daniel Black 2014-01-03 23:12:58 +11:00
parent e6a329210f
commit 7c09a61ca5
4 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -56,6 +56,7 @@ configuration before relying on it.
according to the XARF standard (v0.2). Close gh-105
* Add filter for apache-modsecurity
* Support PyPy
* Add filter for apache-botsearch
- Enhancements
* Multiline filter for sendmail-spam. Close gh-418

2
MANIFEST
View File

@ -96,6 +96,7 @@ fail2ban/tests/files/logs/bsd/syslog-vv.txt
fail2ban/tests/files/logs/3proxy
fail2ban/tests/files/logs/apache-auth
fail2ban/tests/files/logs/apache-badbots
fail2ban/tests/files/logs/apache-botscripts
fail2ban/tests/files/logs/apache-modsecurity
fail2ban/tests/files/logs/apache-nohome
fail2ban/tests/files/logs/apache-noscript
@ -159,6 +160,7 @@ config/jail.conf
config/filter.d/common.conf
config/filter.d/apache-auth.conf
config/filter.d/apache-badbots.conf
config/filter.d/apache-botsearch.conf
config/filter.d/apache-nohome.conf
config/filter.d/apache-noscript.conf
config/filter.d/apache-overflows.conf

37
config/filter.d/apache-botsearch.conf Normal file
View File

@ -0,0 +1,37 @@
# Fail2Ban filter to block web requests for stuff that doesn't exist
#
# This is normally a predefined list of exploitable or valuable web services
# that are hidden or aren't actually installed.
#
[INCLUDES]
# overwrite with apache-common.local if _apache_error_client is incorrect.
before = apache-common.conf
[Definition]
failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): <webroot><block>(, referer: \S+)?\s*$
ignoreregex =
[Init]
# Webroot represents the webroot on which all other files are based
webroot = /var/www/
# Block is the actual non-found directories to block
block = (<webmail>|<phpmyadmin>|<wordpress>)
# These are just convient definitions that assist the blocking of stuff that
# isn't installed
webmail = roundcube|mail|horde|webmail
phpmyadmin = (typo3/|xampp/|)(pma|(php)?myadmin)
wordpress = wp-(login|signup)\.php
# DEV Notes:
#
# Author: Daniel Black

2
fail2ban/tests/files/logs/apache-botsearch Normal file
View File

@ -0,0 +1,2 @@
# failJSON: { "time": "2008-07-22T06:48:30", "match": true , "host": "198.51.100.86" }
[Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] script not found or unable to stat: /var/www/wp-login.php