fail2ban

Commit Graph

Author	SHA1	Message	Date
jungle-boogie	d889918f19	update doc url direct to confluence page. no code changes.	9 years ago
Yaroslav Halchenko	aa303acfd6	Merge pull request #1381 from theDogOfPavlov/patch-3 Tightened up exim regexes to catch rDNS entries	9 years ago
Alexandre Perrin	7712310d2d	Be more backward compatible on matching postfix/smtps/smtpd Support trailing smtps also and not only smtpd. suggested by @sebres	9 years ago
Alexandre Perrin	1a299409e5	Fix postfix/smtps/smtpd matching.	9 years ago
theDogOfPavlov	1eb51b1bc2	Tightened up regexes to catch rDNS entries	9 years ago
Serg G. Brester	b9b7ecbf6b	Merge pull request #1357 from sebres/monit-new-fltr monit filter fixup for the new version (gh-1355)	9 years ago
sebres	ac27c9cb96	Merge branch 'patch-2' (gh-1371)	9 years ago
Serg G. Brester	0effe76971	Merge pull request #1370 from theDogOfPavlov/patch-1 Added regex for LDAP authentication failures	9 years ago
jblachly	e9202fa0b2	Placed failure (illumos) at end of regex	9 years ago
theDogOfPavlov	fe1475be95	Additional exim regexes to cover common attacks...	9 years ago
theDogOfPavlov	cf2aa9c1c0	Added regex for LDAP authentication failures	9 years ago
jblachly	25c2334bc8	SmartOS PAM Authentication failed (not failURE) SmartOS (and likely other Illumos platforms) enter log entries for failed sshd logins of the form: `Authentication failed for USER from HOST` The current sshd.conf regex matches `failure` -- add to this a match for `failed` to support Illumos	9 years ago
Johannes Weberhofer	bd25a43417	define journalmatch setting for pure-ftps	9 years ago
sebres	37c9075fad	fixed monit filter: failregex find now both previous and new versions: - failregex of previous monit version merged as single expression; - extended failregex with new monit "access denied" version;	9 years ago
Yaroslav Halchenko	385b50e4a9	Merge pull request #1343 from denics/master adding wp-admin to bot search	9 years ago
Denix	ed0e572bfc	added wp-admin bot are very annoying and I am getting a lot of checks on wp-admin. This should calm them.	9 years ago
Yaroslav Halchenko	6ffbc1ffad	ENH: revert back to having detailed suffix anchored at the end for mysqld-auto.conf As discussed in https://github.com/fail2ban/fail2ban/pull/1333#discussion_r54100127	9 years ago
Yaroslav Halchenko	3e31145c33	Merge pull request #1331 from whyscream/postfix-multi-instance-support Add support for matching postfix multi-instance daemon names by default	9 years ago
sebres	667785b608	mysqld: failregex fixed (accepts different log level, more secure expression now); closes #1332	9 years ago
Tom Hendrikx	6c606cf98f	Add support for matching postfix multi-instance daemon names by default	9 years ago
Yaroslav Halchenko	905c87ca4a	Merge pull request #1310 from yarikoptic/pr-1288 NF: HAProxy HTTP Auth filter	9 years ago
sebres	d8e81eb417	regexp rewritten (few vulnerable as previous) + test case added	9 years ago
3eBoP	257b7049d8	Update asterisk filter: changed regex for "Call from ...". Sometimes extension can have a plus symbol (+) because they can be phone number. Closes #1309	9 years ago
Pierre GINDRAUD	b5a07741c8	Add new regex into postfix filter. The new regexp is able to detect bad formatted SMTP EHLO command	9 years ago
Jordan Moeser	d7b46509d8	Update haproxy-http-auth.conf Updated failregex to be more strict	9 years ago
Jordan Moeser	e133762a28	Added HAProxy HTTP Auth filter	9 years ago
Yaroslav Halchenko	69aa1feac0	Merge "Mac OS Screen Sharing filter" PR 1232 * pr/1232/head: removed system.log Removed old svn revision comment removed false matches Removed includes comment for screensharing jail Now using a literal logpath for screensharing jail Fixed blatant typo in regex clarified comments on sample log format Fixed name (again?) Made screensharing jail off by default Changed regex prequel added entry for new screensharingd filter name change & new sample data Added json metadata Sample log for test case Replaced .* with literal Update jail.conf Added new path variable for system.log Added in settings for screensharingd filter Created file Conflicts: ChangeLog - moved to New Features config/jail.conf - kept at the end	9 years ago
Yaroslav Halchenko	26dd6d7425	Merge pull request #1258 from aleksandrs-ledovskis/feature/postfix-domain-not-found-failregex Add 'Sender address rejected: Domain not found' Postfix failregex	9 years ago
Ross Brown	8d12dba245	Merge remote-tracking branch 'upstream/master'	9 years ago
Ross Brown	ead2d509dc	Updated 'murmur' filter to use new double-anchored regex based on @yarikoptic's suggestions.	9 years ago
Yaroslav Halchenko	5d6cead996	ENH: sshd filter -- match new "maximum auth attempts exceeded" (Closes #1269 )	9 years ago
Ross Brown	106c3eab9a	Added filter and jail for murmur/mumble-server.	9 years ago
Aleksandrs Ļedovskis	fa59a6850f	Add 'Sender address rejected: Domain not found' Postfix failregex Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>	9 years ago
Simon Brown	3e16f33dbe	Removed old svn revision comment	9 years ago
sebres	53b39162a1	Shortly, much faster and stable version of regexp (possible because expression is start-anchored and does not contains closely to catch-all sub expressions)	9 years ago
sebres	6884593ab8	New filter `nginx-limit-req` ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module)	9 years ago
Simon Brown	cabd46f069	Fixed blatant typo in regex However, still failing test, even though ```PYTHONPATH=. fail2ban-regex -v fail2ban/tests/files/logs/screensharingd /etc/fail2ban/filter.d/screensharingd.conf``` gives desired result	9 years ago
Simon Brown	4b4d5a95b7	Changed regex prequel Use standard prefix macro instead of literal daemon name.	9 years ago
Simon Brown	4c3f778b82	Replaced .* with literal Per Serg's suggestions. Possible I'm missing some auth attempt types, but I couldn't find anything where literal wasn't sufficient.	9 years ago
Simon Brown	3ec725a2ba	Created file From https://github.com/beezwax/filemaker-fail2ban/blob/master/fail2ban/filter.d/screensharingd.conf	9 years ago
1technophile	2861a957a9	filter for openhab domotic software authentication failure with the rest api and web interface + test cases; closes gh-1223	9 years ago
Pablo Rodriguez Fernandez	2c576c64f8	Change domain filter regex Change domain filter regex since there are other Google crawlers. See "Google crawlers" <https://support.google.com/webmasters/answer/1061943?hl=en>	9 years ago
Pablo Rodriguez Fernandez	74fcb219ab	Enhanced Google domain detection in apache-fakegooglebot Previously, an attacker could fake a domain like crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change avoids to resolve fake Google domains.	9 years ago
Pablo Rodriguez Fernandez	a28e6b442e	Add check in apache-fakegooglebot to protect against PTR fake record An attacker may return a PTR record which fakes a Googlebot's domain name. This modification resolves the PTR records to verify it. See "Verifying Googlebot": <https://support.google.com/webmasters/answer/80553?vid=1-635800030504666679-1963774919>	9 years ago
sebres	2696ede251	mysqld-auth: Updated "Access denied ..." regex for MySQL 5.6 and later closes gh-1211	9 years ago
Kevin Locke	36919d9f97	ssh.conf: Fix disconnect "Auth fail" matching The regex for matching against "Auth fail" disconnect log message does not match against current versions of ssh. OpenSSH 5.9 introduced privilege separation of the pre-auth process, which included [logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114) which adds " [preauth]" to the end of each message and causes the log level to be prepended to each message. It also fails to match against clients which send a disconnect message with a description that is either empty or includes a space, since this is the content in the log message after the disconnect code, per [packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215), which was matched by \S+. Although I have not observed this yet, I couldn't find anything which would preclude it in [RFC 4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the message is attacker-controlled it provides a way to avoid getting banned. This commit fixes both issues. Signed-off-by: Kevin Locke <kevin@kevinlocke.name>	9 years ago
Edward Beckett	835b3ff483	Update apache-badbots.conf Useragent strings including `+http` need to be escaped to be valid.	9 years ago
Viktor Szépe	5d60700c0c	Added pass2allow (knocking with fail2ban)	10 years ago
Viktor Szépe	a3b8257b73	Add HEAD method verb to apache-badbots, nginx-badbots	10 years ago
Lee Clemens	f7444f16b8	Add optional session id prefix for roundcube 1.1.1	10 years ago

1 2 3 4 5 ...

587 Commits (d6eae28eb5e61e27139e27432d1daa40a025d57c)