sebres
2ed414ed09
fixed possible RCE vulnerability, unset escape variable (default tilde) stops considering "~" char after new-line as composing escape sequence
...
closes GHSA-m985-3f3v-cwmm for 0.9
3 years ago
sebres
5430091acb
jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868)
4 years ago
Sergey G. Brester
b1e1cab4b7
Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2
...
Improve regex in proftpd.conf
5 years ago
sebres
83f626c4aa
(grave) closes gh-2431: replace newlines in message from systemd journal (otherwise multi-line parsing is broken, because removal of matched string from multi-line buffer window is confused by extra new-lines, so they are retained and get matched on every following message).
6 years ago
Sergey G. Brester
7a463eb3f7
closes gh-2395: safe conversion of `SYSLOG_PID` or `_PID` (if journal entry contains a string instead of numeric)
6 years ago
Sergey G. Brester
7a7a905ab2
0.9 - Merge pull request #2339 from cFire/master
...
Add override for dovecot failed logins on debian
6 years ago
sebres
f3cea45d2a
Merge pull request #2290 from james-choncholas/0.11 (rebased)
6 years ago
sebres
1a9527e6a4
fixed catch-all on user (and simplifying)
6 years ago
jim
a7f3ba87f6
filter.d/sogo-auth.conf: fixes gh-2289 - matching auth-failures when behind a proxy;
...
(broken by commit 72b06479a5), replacement for gh-2290.
6 years ago
Sergey G. Brester
5c44ca714f
Merge pull request #2317 from Yannik/patch-2
...
Fix asterisk filter not catching attackers when port is logged (in pjsip module)
6 years ago
Cool Fire
27526e431b
Changes static logfile string to variable
...
Since we don't want to re-declare a log file name we already
have a variable for, use the existing variable to set dovecot_log.
6 years ago
Cool Fire
b31a018e7c
Add override for dovecot failed logins on debian
6 years ago
Yannik Sembritzki
547504873e
Add test case for new asterisk pjsip log syntax which includes the port
6 years ago
Yannik Sembritzki
6b4404b1bc
Fix asterisk filter not catching attackers when port is logged (Fixes #2316)
6 years ago
Sergey G. Brester
189c3f964b
Merge pull request #2276 from dienteperro/patch-1
...
"be" instead of "me" in shorewall.conf
6 years ago
dienteperro
0df221b54b
"be" instead of "me" in shorewall.conf
6 years ago
Shane Forsythe
8614ca8c41
Update proftpd.conf
...
proftpd 1.3.5e can leave inconsistent error message if ftp or mod_sftp is used
Oct 2 15:45:31 ftp01 proftpd[5516]: 10.10.2.13 (10.10.2.189[10.10.2.189]) - SECURITY VIOLATION: Root login attempted
Oct 2 15:45:44 ftp01 proftpd[5517]: 10.10.2.13 (10.10.2.189[10.10.2.189]) - SECURITY VIOLATION: Root login attempted.
Fix regex to make trailing period optional, otherwise brute force attacks against root account using ftp are not blocked correctly.
6 years ago
cheese1
43db4411de
small typo
7 years ago
Sergey G. Brester
088192ea9f
Merge pull request #1960 from comradekingu/patch-1
...
https, "Fail2Ban", other language improvements
7 years ago
Sergey G. Brester
9710c8c996
minor fix with reindent
7 years ago
Allan Nordhøy
d7e320b96d
reverting linux indentation
7 years ago
Sergey G. Brester
37f5a6975e
Merge pull request #2015 from BenediktSeidl/nginx-http-auth--spaces-fix
...
nginx-http-auth: match usernames with spaces
7 years ago
sebres
63e906b2c1
regex rewritten: a bit less vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name
7 years ago
Benedikt Seidl
fed6c49c2d
nginx-http-auth: match usernames with spaces
...
# Conflicts:
# ChangeLog
7 years ago
Sergey G. Brester
9a8c4a9869
Merge pull request #2018 from riceru/patch-1
...
lighttpd-auth.conf: new log-format (http_auth -> mod_auth)
7 years ago
Sergey G. Brester
b6c6565a7e
regex updated using non-capturing groups
7 years ago
Sergey G. Brester
9a46590486
extended test-cases to cover new log-format (http_auth -> mod_auth)
7 years ago
riceru
6a1bbbf101
Update lighttpd-auth.conf
...
I have lighttpd 1.4.45 (Debian 9) and auth error log is different.
Now printing mod_auth and not http_auth.
I think that the change was in lighttpd 1.4.42
7 years ago
Serg G. Brester
7e05976ead
action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP were escaped now.
...
Closes #2000
7 years ago
sebres
314e402fe0
filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)
7 years ago
Serg G. Brester
029cd5aa24
Update ChangeLog
7 years ago
Serg G. Brester
597a27576e
Merge pull request #1908 from GetPageSpeed/firewallcmd-ipset-allports
...
New ban mode `allports` for `firewallcmd-ipset`. Closes #1167
7 years ago
sebres
131b94e11e
firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage:
...
banaction = firewallcmd-ipset[actiontype="<allports>"]
7 years ago
Danila Vershinin
c190631f88
New ban action firewallcmd-ipset-allports. Closes #1167
7 years ago
sebres
3d9a112c8f
cherry-pick newer version of extractOptions, in order to avoid large discrepancy between 0.10 and 0.9 config-parsers:
...
allow to use dual parameter lists (coming through substitutions), e. g.: `name[p1=0, p2="..."][p3='...']`;
simplified explanation: `][` is treated as `,` in new version.
cherry-picked from 0.10.
7 years ago
Serg G. Brester
82f8bd8639
Merge pull request #2011 from Yannik/patch-1
...
Fix filter not catching asterisk requests with quote character in username (fixes #2010)
7 years ago
Serg G. Brester
f7e2d3610b
Update ChangeLog
7 years ago
Serg G. Brester
a1d1498561
Restore log-entries not affected by #2011
7 years ago
Yannik Sembritzki
aab54bb0dd
don't replace normal test case with specialized test case
7 years ago
Yannik Sembritzki
94f0b15c32
Allow faster parsing of hosts without ' characters in them
7 years ago
Yannik Sembritzki
eaf5e88692
replace actual offenders ip with 1.2.3.4
7 years ago
Yannik Sembritzki
184202c6aa
remove duplicate testcase
7 years ago
Yannik Sembritzki
a53ee46ad4
add test for asterisk pjsip attack with quote in username
7 years ago
Yannik Sembritzki
b28dfb965a
Fix filter not catching asterisk requests with quote character in username (fixes #2010)
7 years ago
Serg G. Brester
f96761927d
Merge pull request #1969 from RaidForums/patch-1
...
Update nginx-limit-req filter.
7 years ago
Kevin Maradona
6c705d572b
filter.d/nginx-limit-req.conf: nginx limit-req log-level can be set to warn or error therefore having this regex will include both of them.
7 years ago
Serg G. Brester
f834e7826d
Merge pull request #1979 from peternowee/fix-exim-lowercase-auth
...
Exim failregex: Include lower/mixed case AUTH
7 years ago
Peter Nowee
e4bbaf3d58
Update ChangeLog
7 years ago
Serg G. Brester
cbd63d9cd5
added test to cover quoted injecting on AUTH command
7 years ago
Serg G. Brester
4f63180611
Avoid injection using quotes after `auth` command;
...
Added non-greedy fallback for quoted something (with lookahead simulated possessive greedy catch of non-quoted parts `[^"]*(?=")`).
Note that because host-info's are hereafter (with foreign input in-between), we would not use greedy or non-greedy catch-alls (`.*` or `.*?`) here (preventing performance losses).
7 years ago