mirror of https://github.com/fail2ban/fail2ban
Steven Hiscocks
commit
b4e8514857
|
|
@ -53,6 +53,7 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
|
|||
- Add filter for apache-modsecurity
|
||||
- filter.d/nsd.conf -- also amended Unix date template to match nsd format
|
||||
- Added filter.d/openwebmail filter thanks Ivo Truxa. Closes gh-543
|
||||
- Added filter.d/horde
|
||||
|
||||
- Enhancements:
|
||||
- loglines now also report "[PID]" after the name portion
|
||||
|
|
|
|||
|
|
@ -0,0 +1,16 @@
|
|||
# fail2ban filter configuration for horde
|
||||
|
||||
|
||||
[Definition]
|
||||
|
||||
|
||||
failregex = ^ HORDE \[error\] \[(horde|imp)\] FAILED LOGIN for \S+ \[<HOST>\](\(forwarded for \[\S+\]\))? to (Horde|{[^}]+}) \[(pid \d+ )?on line \d+ of \S+\]$
|
||||
|
||||
|
||||
ignoreregex =
|
||||
|
||||
# DEV NOTES:
|
||||
# https://github.com/horde/horde/blob/master/imp/lib/Auth.php#L132
|
||||
# https://github.com/horde/horde/blob/master/horde/login.php
|
||||
#
|
||||
# Author: Daniel Black
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
# failJSON: { "time": "2004-11-11T18:57:57", "match": true , "host": "203.16.208.190" }
|
||||
Nov 11 18:57:57 HORDE [error] [horde] FAILED LOGIN for graham [203.16.208.190] to Horde [on line 116 of "/home/ace-hosting/public_html/horde/login.php"]
|
||||
|
||||
# failJSON: { "time": "2004-12-15T08:59:59", "match": true , "host": "1.2.3.4" }
|
||||
Dec 15 08:59:59 HORDE [error] [imp] FAILED LOGIN for emai.user@somedomain.com [1.2.3.4] to {mx.somedomain.com:993 [imap/ssl/novalidate-cert]} [pid 68394 on line 139 of /usr/local/www/www.somedomain.com/public_html/horde/imp/lib/Auth/imp.php"]
|
||||
|
||||
Loading…
Reference in New Issue