Thanks for the answer, Matthew,
I looked for a failregex builder also but without success. Anyway, I found
examples on the internet and made one myself. It's working.
Best regards.
>-------- Original message --------
>From: Matthew Demaree [email protected]
>Subject: RE: [Fail2ban-users] I need failregex for exim log.
>To: kuncho pencho
>Sent: 14.01.2016 11:38
Seems to be a rather large distributed brute force attack going around. I
banged my head with fail2ban for a bit but decided another course of action was
needed. I was constantly hit until installing Atomic Secured Linux and
subsequently ModSecurity with the Apache mod_qos. They were mostly after my
WordPress pages but this got them to stop. Fail2ban was unable to keep up with
the requests nor prevent the attacks from occurring; this locked down my
wp-admin pages no problem but ran into blocking issues with some customers. ASL
as a solution for exim as well…
I attempted to find a failregex builder for your string below but failed
miserably.
-Matt
From: kuncho pencho [mailto: [email protected] ]
Sent: Thursday, January 14, 2016 4:08 AM
To: [email protected]
Subject: [Fail2ban-users] I need failregex for exim log.
Hi,
I have a lot of brute force attacks in the exim log. So I need a failregex for
exim. The string which I want to match is:
H=(ylmf-pc) [218.109.220.68] rejected EHLO or HELO ylmf-pc: ylmf-ps is blocked
So, any advice?
Thanks. :)
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
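
A candidate failregex for the line in the original question, checked in Python. This is an added example, not part of the thread and not fail2ban's shipped exim filter. The pattern, the simplified `<HOST>` expansion, the helper names, and every sample line except the first are assumptions constructed here.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only; the
# real expansion also accepts hostnames and IPv6).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical failregex for the line in the question. Anchored at H= so the
# address comes only from the bracket right after the HELO name; the optional
# :port covers logs written with exim's incoming_port log selector.
FAILREGEX = r"^H=\(\S+\) \[<HOST>\](?::\d+)? rejected EHLO or HELO \S+: "

# Leading exim mainlog timestamp, removed before matching (a simplification of
# fail2ban's own date handling).
TIMESTAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")


def compile_failregex(failregex):
    """Expand the <HOST> tag and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST))


def failed_host(line, pattern):
    """Return the offending IP for a matching line, else None."""
    m = pattern.search(TIMESTAMP.sub("", line.strip(), count=1))
    return m.group("host") if m else None


def count_failures(lines, pattern):
    """Count matches per IP, the figure compared with maxretry within findtime."""
    hosts = (failed_host(line, pattern) for line in lines)
    return Counter(h for h in hosts if h)


# First line is the one from the question; the rest are constructed samples.
SAMPLE_LOG = [
    "H=(ylmf-pc) [218.109.220.68] rejected EHLO or HELO ylmf-pc: ylmf-ps is blocked",
    "2016-01-14 04:08:01 H=(ylmf-pc) [218.109.220.68]:51234 rejected EHLO or HELO ylmf-pc: blocked",
    # Free-form text after the colon must not change which address is taken.
    "2016-01-14 04:08:02 H=(mail.example.org) [192.0.2.10] rejected EHLO or HELO mail.example.org: note [203.0.113.7] rejected EHLO or HELO x: y",
    # Ordinary message-arrival line: must not match.
    "2016-01-14 04:08:03 1aJxyz-0001Ab-2C <= user@example.org H=(client) [198.51.100.4] P=esmtp S=1024",
]

if __name__ == "__main__":
    pattern = compile_failregex(FAILREGEX)
    for host, hits in count_failures(SAMPLE_LOG, pattern).items():
        print(host, hits)
```

Before deploying a pattern like this, run it against the real log with `fail2ban-regex` to confirm the hit and miss counts.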