__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
# Should not match -- DoS vector https://vndh.net/note:fail2ban-089-denial-service
# failJSON: { "match": false }
[Sat Jun 01 02:17:42 2013] [error] [client 192.168.33.1] File does not exist: /srv/http/site/[client 192.168.0.1] user root not found
# should match
# failJSON: { "time": "2013-07-11T01:21:41", "match": true , "host": "194.228.20.113" }
[Thu Jul 11 01:21:41 2013] [error] [client 194.228.20.113] user not found: /
# failJSON: { "time": "2013-07-11T01:21:43", "match": true , "host": "194.228.20.113" }
[Thu Jul 11 01:21:43 2013] [error] [client 194.228.20.113] user dsfasdf not found: /
# failJSON: { "time": "2013-07-11T01:21:44", "match": true , "host": "2606:2800:220:1:248:1893:25c8:1946" }
[Thu Jul 11 01:21:44 2013] [error] [client 2606:2800:220:1:248:1893:25c8:1946] user test-ipv6 not found: /
# The failures below use the configuration described in fail2ban/tests/files/config/apache-auth
#
# wget http://localhost/noentry/cant_get_me.html -O /dev/null
# failJSON: { "time": "2013-07-17T23:20:45", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 23:20:45 2013] [error] [client 127.0.0.1] client denied by server configuration: /var/www/html/noentry/cant_get_me.html
# failJSON: { "time": "2013-07-20T21:34:49", "match": true , "host": "127.0.0.1" }
[Sat Jul 20 21:34:49.453232 2013] [access_compat:error] [pid 17512:tid 140123104306944] [client 127.0.0.1:51380] AH01797: client denied by server configuration: /var/www/html/noentry/cant_get_me.html
# failJSON: { "time": "2014-09-14T21:44:43", "match": true , "host": "192.3.9.178" }
[Sun Sep 14 21:44:43.008606 2014] [authz_core:error] [pid 10691] [client 192.3.9.178:44271] AH01630: client denied by server configuration: /var/www/html/noentry/cant_get_me.html
# wget --http-user='' --http-password='' http://localhost/basic/file/cant_get_me.html -O /dev/null
# failJSON: { "time": "2013-07-17T23:14:37", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 23:14:37 2013] [error] [client 127.0.0.1] user not found: /basic/anon/cant_get_me.html
# failJSON: { "time": "2013-07-20T21:37:32", "match": true , "host": "127.0.0.1" }
[Sat Jul 20 21:37:32.266605 2013] [auth_basic:error] [pid 17512:tid 140123079128832] [client 127.0.0.1:51386] AH01618: user not found: /basic/file/cant_get_me.html
# wget --http-user=username --http-password=wrongpass http://localhost/basic/file -O /dev/null
# failJSON: { "time": "2013-07-17T22:18:52", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 22:18:52 2013] [error] [client 127.0.0.1] user username: authentication failure for "/basic/file": Password Mismatch
# failJSON: { "time": "2013-07-20T21:39:11", "match": true , "host": "127.0.0.1" }
[Sat Jul 20 21:39:11.978080 2013] [auth_basic:error] [pid 17512:tid 140123053950720] [client 127.0.0.1:51390] AH01617: user username: authentication failure for "/basic/file": Password Mismatch
# wget --http-user=wrongusername --http-password=wrongpass http://localhost/basic/file -O /dev/null
# failJSON: { "time": "2013-07-17T22:32:48", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 22:32:48 2013] [error] [client 127.0.0.1] user wrongusername not found: /basic/file
# failJSON: { "time": "2013-07-20T21:40:33", "match": true , "host": "127.0.0.1" }
[Sat Jul 20 21:40:33.803528 2013] [auth_basic:error] [pid 17540:tid 140123095914240] [client 127.0.0.1:51395] AH01618: user wrongusername not found: /basic/file
# wget --header='Authorization: Digest username="Mufasa",realm="testrealm@host.com",nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",uri="/dir/index.html",qop=auth,nc=00000001,cnonce="0a4f113b",response="6629fae49393a05397450978507c4ef1",opaque="5ccc069c403ebaf9f0171e9517f40e41"' http://localhost/basic/file -O /dev/null
# failJSON: { "time": "2013-07-17T22:39:55", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 22:39:55 2013] [error] [client 127.0.0.1] client used wrong authentication scheme: /basic/file
# failJSON: { "time": "2013-07-20T21:41:52", "match": true , "host": "127.0.0.1" }
[Sat Jul 20 21:41:52.523931 2013] [auth_basic:error] [pid 17512:tid 140122964092672] [client 127.0.0.1:51396] AH01614: client used wrong authentication scheme: /basic/file
# wget --http-user=username --http-password=password http://localhost/basic/authz_owner/cant_get_me.html -O /dev/null
# failJSON: { "time": "2013-07-17T22:54:32", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 22:54:32 2013] [error] [client 127.0.0.1] Authorization of user username to access /basic/authz_owner/cant_get_me.html failed, reason: file owner dan does not match.
# failJSON: { "time": "2013-07-20T22:11:43", "match": true , "host": "127.0.0.1" }
[Sat Jul 20 22:11:43.147674 2013] [authz_owner:error] [pid 17540:tid 140122922129152] [client 127.0.0.1:51548] AH01637: Authorization of user username to access /basic/authz_owner/cant_get_me.html failed, reason: file owner dan does not match
# failJSON: { "time": "2013-07-20T22:11:44", "match": true , "host": "2606:2800:220:1:248:1893:25c8:1946" }
[Sat Jul 20 22:11:44.147674 2013] [authz_owner:error] [pid 17540:tid 140122922129152] [client [2606:2800:220:1:248:1893:25c8:1946]:51548] AH01637: Authorization of user test-ipv6 to access /basic/authz_owner/cant_get_me.html failed, reason: file owner dan does not match
# wget --http-user=username --http-password=password http://localhost/basic/authz_owner/cant_get_me.html -O /dev/null
# failJSON: { "time": "2013-07-20T21:42:44", "match": true , "host": "127.0.0.1" }
[Sat Jul 20 21:42:44.304159 2013] [authz_core:error] [pid 17484:tid 140123095914240] [client 127.0.0.1:51397] AH01631: user username: authorization failure for "/basic/authz_owner/cant_get_me.html":
# wget --http-user='username' --http-password='wrongpassword' http://localhost/digest/cant_get_me.html -O /dev/null
# failJSON: { "time": "2013-07-17T23:50:37", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 23:50:37 2013] [error] [client 127.0.0.1] Digest: user username: password mismatch: /digest/cant_get_me.html
# failJSON: { "time": "2013-07-20T21:44:06", "match": true , "host": "127.0.0.1" }
[Sat Jul 20 21:44:06.867985 2013] [auth_digest:error] [pid 17540:tid 140123070736128] [client 127.0.0.1:51406] AH01792: user username: password mismatch: /digest/cant_get_me.html
# wget --http-user='username' --http-password='password' http://localhost/digest_wrongrelm/cant_get_me.html -O /dev/null
# failJSON: { "time": "2013-07-18T00:08:39", "match": true , "host": "127.0.0.1" }
[Thu Jul 18 00:08:39 2013] [error] [client 127.0.0.1] Digest: user `username' in realm `digest private area' not found: /digest_wrongrelm/cant_get_me.html
# failJSON: { "time": "2013-07-20T21:45:28", "match": true , "host": "127.0.0.1" }
[Sat Jul 20 21:45:28.890523 2013] [auth_digest:error] [pid 17540:tid 140122972485376] [client 127.0.0.1:51408] AH01790: user `username' in realm `digest private area' not found: /digest_wrongrelm/cant_get_me.html
# ./tests/files/config/apache-auth/digest.py
# failJSON: { "time": "2013-07-28T21:05:31", "match": true , "host": "127.0.0.1" }
[Sun Jul 28 21:05:31.178340 2013] [auth_digest:error] [pid 24224:tid 139895539455744] [client 127.0.0.1:56906] AH01793: invalid qop `auth' received: /digest/qop_none/
# ./tests/files/config/apache-auth/digest.py
# failJSON: { "time": "2013-07-28T21:12:44", "match": true , "host": "127.0.0.1" }
[Sun Jul 28 21:12:44 2013] [error] [client 127.0.0.1] Digest: invalid nonce JDiBAA=db9372522295196b7ac31db99e10cd1106c received - length is not 52
# ./tests/files/config/apache-auth/digest.py
# yoh: ATM it should not match because matching failregex is still under "investigation"
# failJSON: { "time": "2013-07-28T21:16:37", "match": false , "host": "127.0.0.1" }
[Sun Jul 28 21:16:37 2013] [error] [client 127.0.0.1] Digest: invalid nonce l19lgpDiBAZZZf1ec3d9613f3b3ef43660e3628d78455fd8b937 received - hash is not 6fda8bbcbcf85ff1ebfe7d1c43faba583bc53a02
# ./tests/files/config/apache-auth/digest.py
# failJSON: { "time": "2013-07-28T21:18:11", "match": false , "host": "127.0.0.1" }
[Sun Jul 28 21:18:11.769228 2013] [auth_digest:error] [pid 24752:tid 139895505884928] [client 127.0.0.1:56964] AH01776: invalid nonce b9YAiJDiBAZZZ1b1abe02d20063ea3b16b544ea1b0d981c1bafe received - hash is not d42d824dee7aaf50c3ba0a7c6290bd453e3dd35b
# ./tests/files/config/apache-auth/digest.py
# failJSON: { "time": "2013-07-28T21:30:02", "match": true , "host": "127.0.0.1" }
[Sun Jul 28 21:30:02 2013] [error] [client 127.0.0.1] Digest: realm mismatch - got `so far away' but expected `digest private area'
# failJSON: { "time": "2013-07-28T21:27:56", "match": true , "host": "127.0.0.1" }
[Sun Jul 28 21:27:56.549667 2013] [auth_digest:error] [pid 24835:tid 139895297222400] [client 127.0.0.1:57052] AH01788: realm mismatch - got `so far away' but expected `digest private area'
# ./tests/files/config/apache-auth/digest.py
# failJSON: { "time": "2013-07-28T21:41:20", "match": true , "host": "127.0.0.1" }
[Sun Jul 28 21:41:20 2013] [error] [client 127.0.0.1] Digest: unknown algorithm `super funky chicken' received: /digest/
# failJSON: { "time": "2013-07-28T21:42:03", "match": true , "host": "127.0.0.1" }
[Sun Jul 28 21:42:03.930190 2013] [auth_digest:error] [pid 24835:tid 139895505884928] [client 127.0.0.1:57115] AH01789: unknown algorithm `super funky chicken' received: /digest/
# ./tests/files/config/apache-auth/digest.py
# failJSON: { "time": "2013-07-29T02:15:26", "match": true , "host": "127.0.0.1" }
[Mon Jul 29 02:15:26 2013] [error] [client 127.0.0.1] Digest: invalid nonce LWEDr5TiBAA=ceddd011628c30e3646f7acda4f1a0ab6b7c5ae6 received - user attempted time travel
# failJSON: { "time": "2013-07-29T02:12:55", "match": true , "host": "127.0.0.1" }
[Mon Jul 29 02:12:55.539813 2013] [auth_digest:error] [pid 9647:tid 139895522670336] [client 127.0.0.1:58474] AH01777: invalid nonce 59QJppTiBAA=b08983fd166ade9840407df1b0f75b9e6e07d88d received - user attempted time travel
# failJSON: { "time": "2013-06-01T02:17:42", "match": true , "host": "192.168.0.2" }
[Sat Jun 01 02:17:42 2013] [error] [client 192.168.0.2] user root not found
# failJSON: { "time": "2013-11-18T22:39:33", "match": true , "host": "91.49.82.139" }
[Mon Nov 18 22:39:33 2013] [error] [client 91.49.82.139] user gg not found: /, referer: http://sj.hopto.org/management.html
# failJSON: { "time": "2018-03-28T01:31:42", "match": true , "host": "91.49.82.139" }
[Wed Mar 28 01:31:42.355210 2018] [ssl:error] [pid 6586] [client 91.49.82.139:58028] AH02031: Hostname www.testdom.com provided via SNI, but no hostname provided in HTTP request
# failJSON: { "time": "2018-03-28T01:31:42", "match": true , "host": "91.49.82.139" }
[Wed Mar 28 01:31:42.355210 2018] [ssl:error] [pid 6586] [client 91.49.82.139:58028] AH02032: Hostname www.testdom.com provided via SNI and hostname dummy.com provided via HTTP have no compatible SSL setup
# failJSON: { "time": "2018-03-28T01:31:42", "match": true , "host": "91.49.82.139" }
[Wed Mar 28 01:31:42.355210 2018] [ssl:error] [pid 6586] [client 91.49.82.139:58028] AH02033: No hostname was provided via SNI for a name based virtual host
# failJSON: { "match": false, "desc": "ignore mod_evasive errors in normal mode (gh-2548)" }
[Thu Oct 17 18:43:40.160521 2019] [evasive20:error] [pid 22589] [client 192.0.2.1:56175] client denied by server configuration: /path/index.php, referer: https://hostname/path/
# filterOptions: {"mode": "aggressive"}
# failJSON: { "time": "2019-10-17T18:43:40", "match": true, "host": "192.0.2.1", "desc": "accept mod_evasive errors in aggressive mode (gh-2548)" }
[Thu Oct 17 18:43:40.160521 2019] [evasive20:error] [pid 22589] [client 192.0.2.1:56175] client denied by server configuration: /path/index.php, referer: https://hostname/path/
# filterOptions: {"logging": "syslog"}
# failJSON: { "time": "2005-02-15T16:23:00", "match": true , "host": "192.0.2.1", "desc": "using syslog (ErrorLog syslog)" }
Feb 15 16:23:00 srv httpd[22034]: [authz_core:error] [pid 22034] [client 192.0.2.1:58585] AH01630: client denied by server configuration: /home/www/
# failJSON: { "time": "2005-02-15T16:23:40", "match": true , "host": "192.0.2.2", "desc": "using syslog (ErrorLog syslog)" }
Feb 15 16:23:40 srv httpd/backend1[22034]: [authz_core:error] [pid 22036] [client 192.0.2.2:59392] AH01630: client denied by server configuration: /home/backend1/
# failJSON: { "time": "2005-02-15T16:54:53", "match": true , "host": "192.0.2.3", "desc": "using syslog (ErrorLog syslog)" }
Feb 15 16:54:53 tools apache2[18154]: [:error] [pid 18154:tid 140680873617152] [client 192.0.2.3:48154] AH01630: client denied by server configuration: /var/www
# failJSON: { "time": "2005-02-16T22:32:48", "match": true , "host": "127.0.0.1" }
Feb 16 22:32:48 srv httpd[22034]: [error] [client 127.0.0.1] user wrongusername not found: /basic/file
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| bsd | Folder | 0755 |
|
|
| 3proxy | File | 575 B | 0644 |
|
| apache-auth | File | 12.5 KB | 0644 |
|
| apache-badbots | File | 688 B | 0644 |
|
| apache-botsearch | File | 3.66 KB | 0644 |
|
| apache-fakegooglebot | File | 480 B | 0644 |
|
| apache-modsecurity | File | 2.59 KB | 0644 |
|
| apache-nohome | File | 406 B | 0644 |
|
| apache-noscript | File | 2.64 KB | 0644 |
|
| apache-overflows | File | 2.7 KB | 0644 |
|
| apache-pass | File | 273 B | 0644 |
|
| apache-shellshock | File | 499 B | 0644 |
|
| assp | File | 5.09 KB | 0644 |
|
| asterisk | File | 13.64 KB | 0644 |
|
| bitwarden | File | 741 B | 0644 |
|
| centreon | File | 252 B | 0644 |
|
| counter-strike | File | 399 B | 0644 |
|
| courier-auth | File | 1.04 KB | 0644 |
|
| courier-smtp | File | 1.69 KB | 0644 |
|
| cyrus-imap | File | 2.4 KB | 0644 |
|
| directadmin | File | 835 B | 0644 |
|
| domino-smtp | File | 1.26 KB | 0644 |
|
| dovecot | File | 16.25 KB | 0644 |
|
| dropbear | File | 1.3 KB | 0644 |
|
| drupal-auth | File | 2.31 KB | 0644 |
|
| ejabberd-auth | File | 1.46 KB | 0644 |
|
| exim | File | 10.2 KB | 0644 |
|
| exim-spam | File | 3.38 KB | 0644 |
|
| freeswitch | File | 2.33 KB | 0644 |
|
| froxlor-auth | File | 354 B | 0644 |
|
| gitlab | File | 392 B | 0644 |
|
| grafana | File | 564 B | 0644 |
|
| groupoffice | File | 309 B | 0644 |
|
| gssftpd | File | 176 B | 0644 |
|
| guacamole | File | 1016 B | 0644 |
|
| haproxy-http-auth | File | 943 B | 0644 |
|
| horde | File | 567 B | 0644 |
|
| kerio | File | 3.23 KB | 0644 |
|
| lighttpd-auth | File | 1.36 KB | 0644 |
|
| mongodb-auth | File | 2 KB | 0644 |
|
| monit | File | 2.35 KB | 0644 |
|
| monitorix | File | 863 B | 0644 |
|
| mssql-auth | File | 1.26 KB | 0644 |
|
| murmur | File | 702 B | 0644 |
|
| mysqld-auth | File | 3.61 KB | 0644 |
|
| nagios | File | 226 B | 0644 |
|
| named-refused | File | 3.22 KB | 0644 |
|
| nginx-bad-request | File | 1.37 KB | 0644 |
|
| nginx-botsearch | File | 2.64 KB | 0644 |
|
| nginx-http-auth | File | 3.6 KB | 0644 |
|
| nginx-limit-req | File | 1.14 KB | 0644 |
|
| nsd | File | 648 B | 0644 |
|
| openhab | File | 692 B | 0644 |
|
| openwebmail | File | 615 B | 0644 |
|
| oracleims | File | 1.8 KB | 0644 |
|
| pam-generic | File | 2.37 KB | 0644 |
|
| perdition | File | 589 B | 0644 |
|
| php-url-fopen | File | 314 B | 0644 |
|
| phpmyadmin-syslog | File | 177 B | 0644 |
|
| portsentry | File | 341 B | 0644 |
|
| postfix | File | 15.87 KB | 0644 |
|
| proftpd | File | 2.88 KB | 0644 |
|
| pure-ftpd | File | 195 B | 0644 |
|
| qmail | File | 830 B | 0644 |
|
| recidive | File | 1.38 KB | 0644 |
|
| roundcube-auth | File | 5.42 KB | 0644 |
|
| scanlogd | File | 854 B | 0644 |
|
| screensharingd | File | 1.09 KB | 0644 |
|
| selinux-ssh | File | 3.36 KB | 0644 |
|
| sendmail-auth | File | 3.84 KB | 0644 |
|
| sendmail-reject | File | 10.83 KB | 0644 |
|
| sieve | File | 535 B | 0644 |
|
| slapd | File | 1.12 KB | 0644 |
|
| softethervpn | File | 648 B | 0644 |
|
| sogo-auth | File | 3.47 KB | 0644 |
|
| solid-pop3d | File | 1.59 KB | 0644 |
|
| squid | File | 895 B | 0644 |
|
| squirrelmail | File | 197 B | 0644 |
|
| sshd | File | 33.6 KB | 0644 |
|
| sshd-journal | File | 23.82 KB | 0644 |
|
| stunnel | File | 267 B | 0644 |
|
| suhosin | File | 1.26 KB | 0644 |
|
| tine20 | File | 520 B | 0644 |
|
| traefik-auth | File | 1.81 KB | 0644 |
|
| uwimap-auth | File | 1.51 KB | 0644 |
|
| vsftpd | File | 1.1 KB | 0644 |
|
| webmin-auth | File | 640 B | 0644 |
|
| wuftpd | File | 631 B | 0644 |
|
| xinetd-fail | File | 331 B | 0644 |
|
| znc-adminlog | File | 708 B | 0644 |
|
| zoneminder | File | 715 B | 0644 |
|
| zzz-generic-example | File | 4.15 KB | 0644 |
|
| zzz-sshd-obsolete-multiline | File | 36 B | 0644 |
|