| Server IP : 43.141.49.92 / Your IP : 113.219.202.173 Web Server : Apache System : Linux VM-8-5-opencloudos 6.6.34-9.oc9.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Jun 19 19:35:45 CST 2024 x86_64 User : www ( 1000) PHP Version : 8.1.27 Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /etc/fail2ban/filter.d/ |
Upload File : |
# Fail2Ban configuration file for roundcube web server # # By default failed logins are printed to 'errors'. The first regex matches those # The second regex matches those printed to 'userlogins' # The userlogins log file can be enabled by setting $config['log_logins'] = true; in config.inc.php # # The logpath in your jail can be updated to userlogins if you wish # [INCLUDES] before = common.conf [Definition] prefregex = ^\s*(\[\])?(%(__hostname)s\s*(?:roundcube(?:\[(\d*)\])?:)?\s*(<[\w]+>)? IMAP Error)?: (?:<[\w]+> )?<F-CONTENT>.+</F-CONTENT>$ failregex = ^(?:Login failed|(?i:Failed) login) for <F-USER>(?:(?P<simple>\S+)|.*)</F-USER> (?:against \S+ )?from <ADDR>(?:(?:\([^\)]*\))?\.(?! from ) (?(simple)(?:\S+(?! from ) )*|(?:(?! from ).)*(?: user=(?P=user))? )in \S+\.php on line \d+| in session \w+)?(?: \([^\)]*\))?$ ignoreregex = journalmatch = SYSLOG_IDENTIFIER=roundcube # DEV Notes: # # Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180 # # Part after <HOST> comes straight from IMAP server up until the " in ....." # Earlier versions didn't log the IMAP response hence optional. # # DoS resistance: # # Assume that the user can inject "from <HOST>" into the imap response # somehow. Write test cases around this to ensure that the combination of # arbitrary user input and IMAP response doesn't inject the wrong IP for # fail2ban # # Author: Teodor Micu & Yaroslav Halchenko & terence namusonge & Daniel Black & Lee Clemens