Created
February 20, 2018 16:54
-
-
Save tavy315/b497bd61e838e29624b2b6d1dcb3a586 to your computer and use it in GitHub Desktop.
Fail2ban filter to ban a list of ips accessing vulnerable scripts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # HOW TO APPLY THIS RULE: JAIL.LOCAL | |
| # | |
| # make sure to use a smaller name, so you don't exceed the limit | |
| # | |
| # [apache-hackers] | |
| # enabled = true | |
| # port = http,https | |
| # filter = apache-hackers | |
| # banaction = iptables-allports | |
| # logpath = /var/log/apache*/*access*.log | |
| # maxretry = 0 # no retries allowed, ban immediately | |
| [Definition] | |
| failregex = ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/cherry-plugin\/admin\/import-export\/upload\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/wp-symposium\/server\/php\/index\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/wp-property\/third-party\/uploadify\/uploadify\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/wp-handy-lightbox\/begin\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/wpstorecart\/php\/upload\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/uploader\/uploadify\/uploadify\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/Tevolution\/tmplconnector\/monetize\/templatic-custom_fields\/single-upload\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/simple-dropbox-upload-form\/dragup\/ HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/simple-ads-manager\/sam-ajax-admin\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "GET \/wp-content\/plugins\/showbiz\/temp\/update_extract\/2uZkB\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/sharexy\/ajaxresponder\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "GET \/wp-content\/plugins\/reflex-gallery\/admin\/scripts\/FileUploader\/php\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/page-google-maps\/pr\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/mm-forms-community\/includes\/doajaxfileupload\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/mailpress\/mp-includes\/action\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/google-maps-by-daniel-martyn\/inuse\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/gallery-slider\/register\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/gallery-plugin\/upload\/php\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/font-uploader\/font-upload\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/formcraft\/file-upload\/server\/content\/upload\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/dzs-portfolio\/admin\/upload\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/dzs-videogallery\/upload\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/dzs-videogallery\/admin\/upload\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/contus-hd-flv-player\/uploadVideo\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/codecanyon-157782-video-gallery-wordpress-plugin-w-youtube-vimeo-\/upload\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "POST \/wp-content\/plugins\/cardoza-facebook-like-box\/cardoza_facebook_like_box\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "GET \/wp-content\/uploads\/catalog_enquiry\/d7agy\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "GET \/wp-content\/uploads\/wysija\/themes\/ok\/ok\.php HTTP\/.*$ | |
| ^<HOST> - - \[.*\] "GET \/wp-content\/uploads\/user_uploads\/rdceU\.php\.png HTTP\/.*$ | |
| ignoreregex = |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment