Package: fail2ban
Version: 0.7.5-2
Severity: normal

The regexp in apache-noscript.conf also matches if the *referer* url
contains "evil" scripts. For example it matches on:

[Thu Jul 24 20:53:18 2008] [error] [client 93.133.180.18] File does not exist: /var/www/foo01/mambots, referer: http://www.foobar.de/index.php

The correct regexp would be:
failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)


The problem still exists in the latest version in unstable.

Best regards,

Bernd


--
 Bernd Zeimetz                           Debian GNU/Linux Developer
 GPG Fingerprint: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79
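
The false positive described in the report can be reproduced with the following added example, which is not part of the original message or of fail2ban's code. `LOOSE` is a hypothetical pattern standing in for the shipped one (the report does not quote it), `HOST_GROUP` is a simplified assumption for how `<HOST>` is expanded, and `PROBE_LINE` is a constructed log line.

```python
import re
import warnings

# fail2ban expands the <HOST> tag into a host-capturing group before compiling.
# This IPv4-only group is a simplified assumption for the example.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Pattern proposed in the report: the script extension has to occur inside the
# whitespace-free request path that directly follows the error text.
PROPOSED = (r"[[]client <HOST>[]] (File does not exist|script not found or "
            r"unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)")

# Hypothetical loose pattern (not quoted in the report): ".*" may run past the
# path and find the extension in the referer field.
LOOSE = (r"[[]client <HOST>[]] (File does not exist|script not found or "
         r"unable to stat): .*(\.php|\.asp|\.exe|\.pl)")

# Log line from the report: the missing file is not a script, the referer is.
REPORT_LINE = ("[Thu Jul 24 20:53:18 2008] [error] [client 93.133.180.18] "
               "File does not exist: /var/www/foo01/mambots, "
               "referer: http://www.foobar.de/index.php")

# Constructed line: a request for a script that does not exist.
PROBE_LINE = ("[Thu Jul 24 20:53:19 2008] [error] [client 192.0.2.7] "
              "File does not exist: /var/www/foo01/admin.php")


def compile_failregex(failregex):
    """Substitute <HOST> and compile, as a filter test harness would."""
    with warnings.catch_warnings():
        # Python warns that "[[]" looks like a nested set; it is a literal "[".
        warnings.simplefilter("ignore", FutureWarning)
        return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def banned_host(failregex, line):
    """Return the host the pattern would count a failure against, or None."""
    match = compile_failregex(failregex).search(line)
    return match.group("host") if match else None


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("proposed", PROPOSED)):
        for line in (REPORT_LINE, PROBE_LINE):
            print(name, banned_host(pattern, line))
```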


