Commit 2e29e0ba authored by Chris Layton's avatar Chris Layton

adding a few inital files

parents
# Fail2Ban configuration file
#
# Author: Chris Layton <linux@misterx.org>
#
# Revision : 0.1
#
[Definition]
# Option: failregex
# Notes.: Regexp to catch Apache xmlrpc brute force attempts.
# Values: TEXT
#
#failregex = [client 178.175.79.114] client denied by server configuration: <REMOVED>/xmlrpc.php
failregex = [[]client <HOST>[]] client denied by server configuration.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
# Fail2Ban configuration file
#
# Author: Chris Layton <linux@misterx.org>
# Requires : Vpopmail
# 0.2
#
#
[Definition]
# Option: failregex
# Notes.:
#
# Values: TEXT
#
# Log Example : Sep 8 00:36:51 <REMOVED> vpopmail[15528]: vchkpw-smtp: vpopmail user not found noauth@:46.20.33.72
failregex = vpopmail user not found .*@.*:<HOST>
password fail \(pass: '.*'\) .*@.*:<HOST>
AUTH failed \[<HOST>\]
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
# Fail2Ban configuration file
#
# Author: Chris Layton <linux@misterx.org>
# Requires : spamdyke http://www.spamdyke.org/ with RDNS blocking setup.
# 0.5
#
[Definition]
# Option: failregex
# Notes : Helps keep IO down agaisnt hosts that have impropper RDNS setup. NOTE This blocks them so, after the first attempt, they are blocked for the duration. Even if they fix their end they are still blocked till you remove the block. Based off that I recommend a short life on the block. This can really help lower CPU load against spammers that blast from hosts with no RDNS via TLS/SSL connections to your server
# Values: TEXT
# Example log entry : Sep 10 20:46:43 <REMOVED> spamdyke[27043]: DENIED_RDNS_MISSING from: transfuset98@btc-bci.com to: ovar@<REMOVED> origin_ip: 118.46.132.39 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
failregex = DENIED_RDNS_MISSING from: (.*) to: .*@.* origin_ip: <HOST>
ignoreregex =
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment