Package: fail2ban Version: 0.7.5-2 Severity: normal The regexp in apache-noscript.conf also matches if the *referer* url contains "evil" scripts. For example it matches on:
[Thu Jul 24 20:53:18 2008] [error] [client 93.133.180.18] File does not exist: /var/www/foo01/mambots, referer: http://www.foobar.de/index.php The correct regexp would be: failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl) The problem still exists in the latest version in unstable. Best regards, Bernd -- Bernd Zeimetz Debian GNU/Linux Developer GPG Fingerprint: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

