a guest
Jan 17th, 2019
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/httpd/access_log
maxretry = 10
findtime = 120
bantime = -1
action = iptables[name=HTTP, port=http, protocol=tcp]

[Definition]
failregex = ^<HOST> -.*"(GET|POST).*
ignoreregex =

Running tests
=============

Use failregex filter file : http-get-dos, basedir: /etc/fail2ban
Use log file : /var/log/httpd/access_log
Use encoding : UTF-8


Results
=======

Failregex: 3586 total
|- #) [# of hits] regular expression
| 1) [3586] ^<HOST> -.*"(GET|POST).*
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
| [3601] Day(?P<_sep>[-/])MON(?P=_sep)Year[ :]?24hour:Minute:Second(?:.Microseconds)?(?: Zone offset)?
`-

Lines: 3601 lines, 0 ignored, 3586 matched, 15 missed
[processed in 0.38 sec]

|- Missed line(s):
| 77.72.83.87 - - [13/Jan/2019:11:01:23 +0000] "x03" 400 226 "-" "-"
| 122.112.227.18 - - [13/Jan/2019:12:34:51 +0000] "PROPFIND / HTTP/1.1" 405 236 "-" "-"
| 181.22.180.152 - - [14/Jan/2019:17:56:08 +0000] "-" 408 - "-" "-"
| 89.248.172.90 - - [14/Jan/2019:22:40:15 +0000] "-" 408 - "-" "-"
| 89.248.172.90 - - [14/Jan/2019:22:40:35 +0000] "-" 408 - "-" "-"
| 103.105.59.124 - - [15/Jan/2019:00:44:14 +0000] "PROPFIND / HTTP/1.1" 405 236 "-" "-"
| 118.89.138.232 - - [15/Jan/2019:05:12:34 +0000] "PROPFIND / HTTP/1.1" 405 236 "-" "-"
| 66.240.205.34 - - [15/Jan/2019:23:48:20 +0000] "Gh0stxad" 400 226 "-" "-"
| 129.204.78.36 - - [16/Jan/2019:05:57:50 +0000] "PROPFIND / HTTP/1.1" 405 236 "-" "-"
| 104.128.144.131 - - [16/Jan/2019:19:06:23 +0000] "HEAD /redirect.php HTTP/1.0" 404 - "-" "www.probethenet.com scanner"
| 59.36.132.222 - - [16/Jan/2019:20:42:28 +0000] "CONNECT www.baidu.com:443 HTTP/1.1" 301 229 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
| 123.200.24.163 - - [17/Jan/2019:08:46:30 +0000] "PROPFIND / HTTP/1.1" 405 236 "-" "-"
| 79.115.160.167 - - [17/Jan/2019:22:36:03 +0000] "-" 408 - "-" "-"
| ::1 - - [17/Jan/2019:23:08:46 +0000] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) PHP/7.2.13 (internal dummy connection)"
| 79.115.160.167 - - [17/Jan/2019:23:11:51 +0000] "-" 408 - "-" "-"

2019-01-18 00:23:40,655 fail2ban.filter [15412]: INFO Set findtime = 120
2019-01-18 00:23:40,667 fail2ban.jail [15412]: INFO Jail 'sshd' started
2019-01-18 00:23:40,668 fail2ban.filtersystemd [15412]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2019-01-18 00:23:40,673 fail2ban.jail [15412]: INFO Jail 'http-get-dos' started
2019-01-18 00:23:40,773 fail2ban.actions [15412]: NOTICE [sshd] Ban 124.93.228.42
2019-01-18 00:25:22,970 fail2ban.filter [15412]: INFO [sshd] Found 129.204.34.155
2019-01-18 00:27:35,921 fail2ban.filter [15412]: INFO [sshd] Found 212.237.8.162
2019-01-18 00:27:49,936 fail2ban.filter [15412]: INFO [sshd] Found 142.93.190.223
2019-01-18 00:33:00,711 fail2ban.filter [15412]: INFO [sshd] Found 106.12.203.146
2019-01-18 00:33:23,489 fail2ban.filter [15412]: INFO [sshd] Found 69.194.44.230
2019-01-18 00:35:25,864 fail2ban.server [15412]: INFO Stopping all jails
2019-01-18 00:35:26,700 fail2ban.actions [15412]: NOTICE [sshd] Unban 124.93.228.42
2019-01-18 00:35:26,925 fail2ban.jail [15412]: INFO Jail 'sshd' stopped
2019-01-18 00:35:27,915 fail2ban.jail [15412]: INFO Jail 'http-get-dos' stopped
2019-01-18 00:35:27,919 fail2ban.server [15412]: INFO Exiting Fail2ban
2019-01-18 00:35:28,106 fail2ban.server [15592]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.7
2019-01-18 00:35:28,107 fail2ban.database [15592]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2019-01-18 00:35:28,110 fail2ban.jail [15592]: INFO Creating new jail 'sshd'
2019-01-18 00:35:28,129 fail2ban.jail [15592]: INFO Jail 'sshd' uses systemd {}
2019-01-18 00:35:28,144 fail2ban.jail [15592]: INFO Initiated 'systemd' backend
2019-01-18 00:35:28,145 fail2ban.filter [15592]: INFO Set maxRetry = 5
2019-01-18 00:35:28,146 fail2ban.filter [15592]: INFO Set jail log file encoding to UTF-8
2019-01-18 00:35:28,146 fail2ban.actions [15592]: INFO Set banTime = -1
2019-01-18 00:35:28,146 fail2ban.filter [15592]: INFO Set findtime = 600
2019-01-18 00:35:28,146 fail2ban.filter [15592]: INFO Set maxlines = 10
2019-01-18 00:35:28,203 fail2ban.filtersystemd [15592]: INFO Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
2019-01-18 00:35:28,210 fail2ban.jail [15592]: INFO Creating new jail 'http-get-dos'
2019-01-18 00:35:28,210 fail2ban.jail [15592]: INFO Jail 'http-get-dos' uses systemd {}
2019-01-18 00:35:28,211 fail2ban.jail [15592]: INFO Initiated 'systemd' backend
2019-01-18 00:35:28,212 fail2ban.filter [15592]: INFO Set maxRetry = 10
2019-01-18 00:35:28,212 fail2ban.filter [15592]: INFO Set jail log file encoding to UTF-8
2019-01-18 00:35:28,213 fail2ban.actions [15592]: INFO Set banTime = -1
2019-01-18 00:35:28,213 fail2ban.filter [15592]: INFO Set findtime = 120
2019-01-18 00:35:28,222 fail2ban.filter [15592]: INFO [sshd] Found 212.237.8.162
2019-01-18 00:35:28,224 fail2ban.filter [15592]: INFO [sshd] Found 142.93.190.223
2019-01-18 00:35:28,229 fail2ban.filter [15592]: INFO [sshd] Found 106.12.203.146
2019-01-18 00:35:28,232 fail2ban.filter [15592]: INFO [sshd] Found 69.194.44.230
2019-01-18 00:35:28,238 fail2ban.jail [15592]: INFO Jail 'sshd' started
2019-01-18 00:35:28,239 fail2ban.filtersystemd [15592]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2019-01-18 00:35:28,242 fail2ban.jail [15592]: INFO Jail 'http-get-dos' started
2019-01-18 00:35:28,355 fail2ban.actions [15592]: NOTICE [sshd] Ban 124.93.228.42

Status
|- Number of jail: 2
`- Jail list: http-get-dos, sshd

|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- Journal matches:
`- Actions
   |- Currently banned: 0
   |- Total banned: 0
   `- Banned IP list: