Sebastian Göls Abrynos
Abrynos
/ nginx-extras.conf
Last active
November 27, 2022 21:09
A fail2ban filter for script kiddies trying to fuck with nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Definition] | |
| failregex = (?i)^<HOST> -.*] \"SSH-2(\.0)?-Go | |
| (?i)^<HOST> -.*] \"PRI | |
| (?i)^<HOST> -.*] \"SSTP_DUPLEX_POST | |
| (?i)^<HOST> -.*] \"CONNECT | |
| (?i)^<HOST> -.*] \"[A-Z]+ (/.*)?/cgi-bin/ | |
| (?i)^<HOST> -.*] \"[A-Z]+ (/.*)?/\.git/ | |
| (?i)^<HOST> -.*] \"[A-Z]+ (/.*)?/\.env | |
| (?i)^<HOST> -.*] \"[A-Z]+ /\.?aws |
Abrynos
/ nginx-401.conf
Created
May 30, 2022 21:32
fail2ban config for banning on too many authentication failures
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Definition] | |
| failregex = ^<HOST> -.*"(GET|POST|PUT|DELETE|HEAD).*HTTP.*" 401 | |
| ignoreregex = | |
Abrynos
/ nginx-403.conf
Created
May 30, 2022 21:36
nginx filter for too many forbidden responses - use with care
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Definition] | |
| failregex = ^<HOST> -.*"(GET|POST|PUT|DELETE|HEAD).*HTTP.*" 403 | |
| ignoreregex = | |
Abrynos
/ postfixadmin.conf
Created
May 30, 2022 21:37
fail2ban filter to catch authentication failures with postfixadmin via nginx logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Definition] | |
| failregex = ^.*PostfixAdmin (admin|user) login failed .*ip_address: <HOST>.*$ | |
| (?i)^<HOST> -.*] \"(GET|POST|PUT|DELETE|HEAD) (/.*)?/\.git/ | |