Commit Graph

767 Commits (98f4d70371c4d168df86af2653f314ea6ad60a0d)

Author SHA1 Message Date
sebres ed22ddbbbb Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
7 years ago
sebres 63e906b2c1 regex rewritten: a bit fewer vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name
7 years ago
Benedikt Seidl fed6c49c2d nginx-http-auth: match usernames with spaces
7 years ago
Sergey G. Brester b6c6565a7e
regex updated using non-capturing groups
7 years ago
riceru 6a1bbbf101
Update lighttpd-auth.conf
7 years ago
sebres 2b7b0da943 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
7 years ago
sebres 2112145eb4 stop ban of legitimate users with multiple public keys (e. g. git, etc), thereby
7 years ago
sebres 314e402fe0 filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)
7 years ago
sebres c30144b37a Merge branch '0.9' into 0.10
7 years ago
Yannik Sembritzki 94f0b15c32
Allow faster parsing of hosts without ' characters in them
7 years ago
Yannik Sembritzki b28dfb965a
Fix filter not catching asterisk requests with quote character in username (fixes #2010)
7 years ago
sebres 2712f72650 Merge remote-tracking branch 'master' into 0.10
7 years ago
Kevin Maradona 6c705d572b filter.d/nginx-limit-req.conf: nginx limit-req log-level can be set to warn or error therefore having this regex will include both of them.
7 years ago
sebres 2b68882502 filter.d/exim.conf: provides mode "aggressive" to ban flood resp. DDOS-similar failures;
7 years ago
sebres 7f89fbc33f Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
7 years ago
Serg G. Brester 4f63180611
Avoid injection using quotes after `auth` command;
7 years ago
Serg G. Brester f59df2e156
Avoid any injecting on protocol (e. g. tries using camel-case)
7 years ago
Peter Nowee aa158ac05f
Exim failregex: Include lower/mixed case AUTH
7 years ago
SlowRiot 660d57e6ba updating my email address
7 years ago
sebres 159957ab88 filter.d/sshd.conf: extended failregex for modes "extra"/"aggressive": now finds all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors;
7 years ago
sebres 0e66e3cc57 Merge branch 'master' into 0.10
7 years ago
Michael Newton d5d1fe679f Remove invalid regex
7 years ago
Harry Wood ea1b663f85 typo
7 years ago
sebres e71f16f6ba Merge branch 'master' into 0.10
7 years ago
sebres ea36e1b3fc filter.d/dovecot.conf: fixed failregex to recognize pam_authenticate failures with "Permission denied" (gh-1897)
7 years ago
sebres 8c804a2290 Merge branch 'master' into 0.10
7 years ago
sebres a2120a9de5 filter.d/postfix-*.conf - added optional port regex (closes gh-1902)
7 years ago
sebres b185e7cb04 Merge remote-tracking branch 'upstream/master' into 0.10
7 years ago
Serg G. Brester bb97e66627 Merge pull request #1882 from coderua/patch-1
7 years ago
Serg G. Brester 2cd02b731b filter.d/exim.conf: fixed failregex for case of `D=0s`
7 years ago
sebres 4bc226a692 optimized regex
7 years ago
Vladimir Chumak fafefc0293 Add Jorgee Vulnerability Scanner protect
7 years ago
sebres 4163f32968 small review, prefix replaced with `%(_apache_error_client)s` from apache-common.conf include
7 years ago
john ac95449bbb changed zoneminder regex as per Sebres and yarikoptic recommendations
7 years ago
john 5c3a666380 fixed incomplete regex after adding anchors
7 years ago
john 3d45fd2713 implemented yarikoptic's suggestions in fail2ban pull request #1376
7 years ago
john 08878d22dd added zoneminder.conf filter
7 years ago
sebres c312962029 filter.d/dovecot.conf: partially cherry-pick to 0.9 PR #1880 from sebres/0.10-fix-dovecot-regex (d926e11a5c)
7 years ago
sebres 2cfc53c08e remove capturing groups
7 years ago
sebres 9b8563f35e - fixes regex for message `imap-login: Disconnected (auth failed, X attempts) ...` has to many variations on additional info after `<HOST>`,
7 years ago
Pavel Mihadyuk 4c1abe1cbf phpmyadmin-syslog: removed excess file, fixed test, updated failregex
7 years ago
Pavel Mihadyuk 5b4bc2aafd Added filter for phpMyAdmin+syslog (>=4.7.0). Closes #1713
7 years ago
sebres 94b163936a Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
7 years ago
Serg G. Brester af25a9d203 Merge pull request #1566 from opoplawski/journalmatch
7 years ago
Orion Poplawski 84f552881c Add sendmail journalmatch options
7 years ago
sebres 2fe1479484 Merge branch '_0.9/gh-1849' into 0.10
7 years ago
sebres 5c538fb658 Recognize "unknown user" for additional auth-methods (pam, passwd-file, ldap, sql, etc); simplifying regular expressions (put "unknown user" and "invalid credentials" together as one regex).
7 years ago
sebres 0ef5b7c4d4 small amend to gh-1850: removed greedy catch-all at end.
7 years ago
Marcel Waldvogel daf57547c6 Parse ejabberd 17.06 output
7 years ago
sebres 1a562bed0f Merge remote-tracking branch 'master' into 0.10
7 years ago