From b0baab3a0ed67a24fe7e5be06abc5e1f9d624d3e Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Fri, 10 Jan 2014 08:40:24 +1100
Subject: [PATCH] ENH: more test cases and wider regex
---
 config/filter.d/apache-botsearch.conf | 3 +-
 fail2ban/tests/files/logs/apache-botsearch | 41 ++++++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/config/filter.d/apache-botsearch.conf b/config/filter.d/apache-botsearch.conf
index 3f887dc5..f7f5488c 100644
--- a/config/filter.d/apache-botsearch.conf
+++ b/config/filter.d/apache-botsearch.conf
@@ -22,6 +22,7 @@ before = apache-common.conf
 [Definition]
 failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): (, referer: \S+)?\s*$
+ ^%(_apache_error_client)s script '' not found or unable to stat(, referer: \S+)?\s*$
 ignoreregex =
@@ -35,7 +36,7 @@ block = (||)[^,]*
 # These are just convient definitions that assist the blocking of stuff that
 # isn't installed
-webmail = roundcube|mail|horde|webmail
+webmail = roundcube|(ext)?mail|horde|(v-?)?webmail
 phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)
diff --git a/fail2ban/tests/files/logs/apache-botsearch b/fail2ban/tests/files/logs/apache-botsearch
index 476f3ad2..dc2de366 100644
--- a/fail2ban/tests/files/logs/apache-botsearch
+++ b/fail2ban/tests/files/logs/apache-botsearch
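Review bot: The added expression for the quoted message form (`script '…' not found or unable to stat`) accepts an optional `(, referer: \S+)?` tail, but both quoted-form samples added to the test log in this commit end right after `unable to stat`, so that branch of the new regex is never exercised. One more sample of the quoted form ending in `, referer: …`, with its `# failJSON` header, would pin it. A comment above `failregex` such as `# second expression: quoted-path variant of the "script not found" message` would also explain why two expressions exist. As rendered on this page the quotes in the new line are empty (`script ''`), so the path pattern between them has presumably been lost in extraction and should be checked against the original patch.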
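Review bot: The widened `webmail` alternation acts as a path prefix rather than an exact name, and the comment above it does not say so. The `block` definition visible in the hunk header ends in `[^,]*`, and the samples added in this commit expect `mail_this_entry` and `mails` to match. Any missing path that begins with `mail`, `extmail`, `webmail` or `v-webmail` therefore counts toward a ban, including a stale link to a legitimately named directory, which raises the false-positive risk for ordinary visitors. If that is intended, extend the comment, for example `# names are matched as prefixes (block appends [^,]*), so "mail" also covers "mails", "mail_this_entry", ...`. The section these definitions belong to starts and ends outside the hunk.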
@@ -1,2 +1,43 @@
 # failJSON: { "time": "2008-07-22T06:48:30", "match": true , "host": "198.51.100.86" }
 [Tue Jul 22 06:48:30 2008] [error] [client 198.51.100.86] script not found or unable to stat: /var/www/wp-login.php
+
+# failJSON: { "time": "2013-12-23T09:49:10", "match": true , "host": "115.249.248.145" }
+[Mon Dec 23 09:49:10 2013] [error] [client 115.249.248.145] File does not exist: /var/www/pma
+# failJSON: { "time": "2013-12-23T09:49:10", "match": true , "host": "115.249.248.145" }
+[Mon Dec 23 09:49:10 2013] [error] [client 115.249.248.145] File does not exist: /var/www/phpmyadmin
+# failJSON: { "time": "2013-12-23T09:49:13", "match": true , "host": "115.249.248.145" }
+[Mon Dec 23 09:49:13 2013] [error] [client 115.249.248.145] File does not exist: /var/www/webmail
+# failJSON: { "time": "2013-12-23T09:49:13", "match": true , "host": "115.249.248.145" }
+[Mon Dec 23 09:49:13 2013] [error] [client 115.249.248.145] File does not exist: /var/www/mail
+
+# failJSON: { "time": "2013-12-31T09:13:47", "match": true , "host": "176.102.37.56" }
+[Tue Dec 31 09:13:47 2013] [error] [client 176.102.37.56] script '/var/www/wp-login.php' not found or unable to stat
+
+# failJSON: { "time": "2014-01-03T09:20:23", "match": true , "host": "46.23.77.174" }
+[Fri Jan 03 09:20:23 2014] [error] [client 46.23.77.174] File does not exist: /var/www/mail
+# failJSON: { "time": "2014-01-03T09:20:25", "match": true , "host": "46.23.77.174" }
+[Fri Jan 03 09:20:25 2014] [error] [client 46.23.77.174] File does not exist: /var/www/mail_this_entry
+# failJSON: { "time": "2014-01-03T09:26:52", "match": true , "host": "46.23.77.174" }
+[Fri Jan 03 09:26:52 2014] [error] [client 46.23.77.174] File does not exist: /var/www/pmapper-3.2-beta3
+# failJSON: { "time": "2014-01-03T09:33:53", "match": true , "host": "46.23.77.174" }
+[Fri Jan 03 09:33:53 2014] [error] [client 46.23.77.174] File does not exist: /var/www/v-webmail
+# failJSON: { "time": "2014-01-03T09:34:15", "match": true , "host": "46.23.77.174" }
+[Fri Jan 03 09:34:15 2014] [error] [client 46.23.77.174] File does not exist: /var/www/vwebmail
+# failJSON: { "time": "2014-01-03T09:35:47", "match": true , "host": "46.23.77.174" }
+[Fri Jan 03 09:35:47 2014] [error] [client 46.23.77.174] File does not exist: /var/www/webmail
+# failJSON: { "time": "2013-12-23T21:21:39", "match": true , "host": "183.60.244.49" }
+[Mon Dec 23 21:21:39 2013] [error] [client 183.60.244.49] File does not exist: /var/www/extmail, referer: http://www.baidu.com
+# failJSON: { "time": "2013-12-23T21:21:44", "match": true , "host": "183.60.244.49" }
+[Mon Dec 23 21:21:44 2013] [error] [client 183.60.244.49] File does not exist: /var/www/extmail, referer: http://www.baidu.com
+# failJSON: { "time": "2013-12-23T21:21:47", "match": true , "host": "183.60.244.49" }
+[Mon Dec 23 21:21:47 2013] [error] [client 183.60.244.49] File does not exist: /var/www/mails, referer: http://www.baidu.com
+# failJSON: { "time": "2013-12-23T21:22:00", "match": true , "host": "183.60.244.49" }
+[Mon Dec 23 21:22:00 2013] [error] [client 183.60.244.49] File does not exist: /var/www/extmail, referer: http://www.baidu.com
+# failJSON: { "time": "2013-12-23T21:22:16", "match": true , "host": "183.60.244.49" }
+[Mon Dec 23 21:22:16 2013] [error] [client 183.60.244.49] File does not exist: /var/www/phpmyadmin, referer: http://www.baidu.com
+
+# failJSON: { "time": "2014-01-03T14:50:39", "match": false , "host": "92.43.20.165" }
+[Fri Jan 03 14:50:39 2014] [error] [client 92.43.20.165] script '/var/www/forum/mail.php' not found or unable to stat
+
+# failJSON: { "time": "2014-12-06T09:29:34", "match": false , "host": "122.49.201.178" }
+[Fri Dec 06 09:29:34 2013] [error] [client 122.49.201.178] client denied by server configuration: /var/www/webmail/.htaccess
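Review bot: The last sample's header gives `"time": "2014-12-06T09:29:34"` while the log line beneath it is dated `Fri Dec 06 09:29:34 2013`; the header should read `"time": "2013-12-06T09:29:34"`. With `"match": false` the timestamp is presumably not compared, so the test still passes, but the mismatch will surface if the entry is ever turned into an expected match. Separately, the new samples carry what look like publicly routable client addresses taken from live logs, whereas the existing first sample uses a documentation-range address (198.51.100.86). Rewriting the new ones to RFC 5737 addresses would keep third-party IPs out of the repository without changing what the regexes are tested against.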