Package: fail2ban
Version: 0.8.1-3
Severity: normal
In /etc/fail2ban/filter.d/apache-badbots.conf, add the last term:
badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider
I also added an ssh root filter which I filter more harshly than non-root users:
> cat /etc/fail2ban/filter.d/sshd-root.conf
[Definition]
failregex = (Authentication failure|Failed [-/\w+]+) for.* root .*(?:
from|FROM) (?:::f{4,6}:)?(?P<host>\S*)
A break-in warning message for ssh:
> cat /etc/fail2ban/filter.d/sshd-breakin.conf
[Definition]
failregex = Address (?:::f{4,6}:)?(?P<host>\S*) .* POSSIBLE BREAK-IN ATTEMPT
Apache overflow attempts:
> cat /etc/fail2ban/filter.d/apache-overflows.conf
[Definition]
failregex = [[]client (?P<host>\S*)[]] (Invalid method in request|request failed: URI too long|erroneous characters after protocol string)
For apache overflows and badbots, I limit maxretries to 1, because they can't
happen innocently.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.22 (SMP w/2 CPU cores)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages fail2ban depends on:
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii python 2.4.4-6 An interactive high-level object-o
ii python-central 0.5.15 register and build utility for Pyt
Versions of packages fail2ban recommends:
ii iptables 1.3.8.0debian1-1 administration tools for packet fi
-- no debconf information
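An added example, not part of the original report and not fail2ban's own code: the three failregex values above run over constructed log lines with Python's re.search, to see which host each filter captures before it is enabled with a retry limit of 1. The sshd-root line is wrapped at "(?:" in the archived mail, so both ways of rejoining it are listed; the names ROOT, FILTERS, SAMPLE_LOG, compile_filters and hosts_matched are illustrative, and re.search on the whole line is an assumed stand-in for how fail2ban applies a filter.

```python
import re
import warnings

# failregex values from the report. The sshd-root line is wrapped at "(?:" in
# the archived mail, so both rejoinings are listed (which one was meant is unknown).
ROOT = r"(Authentication failure|Failed [-/\w+]+) for.* root .*(?:%sfrom|FROM) (?:::f{4,6}:)?(?P<host>\S*)"
FILTERS = {
    "sshd-root-space": ROOT % " ",
    "sshd-root-nospace": ROOT % "",
    "sshd-breakin": r"Address (?:::f{4,6}:)?(?P<host>\S*) .* POSSIBLE BREAK-IN ATTEMPT",
    "apache-overflows": r"[[]client (?P<host>\S*)[]] (Invalid method in request"
                        r"|request failed: URI too long|erroneous characters after protocol string)",
}

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    "Jan 10 03:12:44 host sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "Jan 10 03:12:50 host sshd[2213]: Failed password for root from ::ffff:192.0.2.44 port 40022 ssh2",
    "Jan 10 03:13:02 host sshd[2215]: Failed password for alice from 203.0.113.9 port 51240 ssh2",
    "Jan 10 03:12:40 host sshd[2209]: Address 203.0.113.7 maps to mail.example.invalid, "
    "but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
    "[Sat Jan 12 04:02:11 2008] [error] [client 198.51.100.23] request failed: URI too long (longer than 8190)",
    "[Sat Jan 12 04:02:15 2008] [error] [client 198.51.100.40] File does not exist: /var/www/favicon.ico",
]

def compile_filters(filters):
    """Compile each failregex; "[[]" makes Python 3 emit a nested-set FutureWarning."""
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", FutureWarning)
        return {name: re.compile(rx) for name, rx in filters.items()}

def hosts_matched(filters, lines):
    """Return {filter name: [host captured from each matching line, in log order]}."""
    compiled = compile_filters(filters)
    hits = {name: [] for name in compiled}
    for line in lines:
        for name, rx in compiled.items():
            m = rx.search(line)
            if m:
                hits[name].append(m.group("host"))
    return hits

if __name__ == "__main__":
    for name, hosts in hosts_matched(FILTERS, SAMPLE_LOG).items():
        print(f"{name}: {hosts}")
```

On these sample lines only the rejoining without a space matches a plain root failure, because " root " already consumes the space before "from". Running fail2ban-regex against the real log file remains the authoritative check.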