Current Path : /etc/fail2ban/filter.d/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
Current File : //etc/fail2ban/filter.d/roundcube-auth.conf |
# Fail2Ban configuration file for roundcube web server # # # [INCLUDES] before = common.conf [Definition] failregex = ^\s*(\[(\s[+-][0-9]{4})?\])?(%(__hostname)s roundcube: IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$ ignoreregex = # DEV Notes: # # Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180 # # Part after <HOST> comes straight from IMAP server up until the " in ....." # Earlier versions didn't log the IMAP response hence optional. # # DoS resistance: # # Assume that the user can inject "from <HOST>" into the imap response # somehow. Write test cases around this to ensure that the combination of # arbitrary user input and IMAP response doesn't inject the wrong IP for # fail2ban # # Author: Teodor Micu & Yaroslav Halchenko & terence namusonge & Daniel Black