Previously, an attacker could fake a domain like
crawl-1-1-1-1.googlebot.com.fake.net and get resolved. This change
avoids to resolve fake Google domains.
Document the changes from 36919d9f in the ChangeLog and add myself to
the THANKS file (at @sebres suggestion).
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
The regex for matching against "Auth fail" disconnect log message does
not match against current versions of ssh. OpenSSH 5.9 introduced
privilege separation of the pre-auth process, which included
[logging through monitor.c](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.113&r2=1.114)
which adds " [preauth]" to the end of each message and causes the log
level to be prepended to each message.
It also fails to match against clients which send a disconnect message
with a description that is either empty or includes a space, since this
is the content in the log message after the disconnect code, per
[packet.c:1785](http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c?annotate=1.215),
which was matched by \S+. Although I have not observed this yet, I
couldn't find anything which would preclude it in [RFC
4253](https://tools.ietf.org/html/rfc4253#section-11.1) and since the
message is attacker-controlled it provides a way to avoid getting
banned.
This commit fixes both issues.
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
* origin/master:
DOC: changelog for the timeout change
Set Timeout at urlopen to 3 seconds
README :: init/service example mentions debian based systems as the example
README :: fitted paragraph style
BF: disable testing on python 3.2 until coverage gets a fix
README :: Some style/grammar tweaks, and init/service script mention. Re: #1193
Set Timeout at urlopen to 3 seconds
* origin/master:
Comment spelling fixes
logrotate: Do not rotate empty logs
logrotate: Remove outdated Fedora comment
Updated Changelog
Bugfix for dnsToIp resolver for fqdn with large list of IPs; closes#1164
Added apache-badbots.conf
Update gen_badbots
Update apache-badbots.conf
changelog for freshly merged PR (roundcube-auth definition of logpath)
Fixed line suspected to be faulty
renamed <NAME> to correct <ACT> in protocol
Conflicts:
fail2ban/tests/actiontestcase.py -- due to comments fix up
As a useful side effect, prevents "Unable to contact server. Is it
running?" mails from cron when fail2ban hasn't been (intentionally)
running nor thus logging anything either.