[Freeswitch-users] Fail2Ban filter
Nandy Dagondon
nandy1925 at gmail.com
Mon Mar 17 10:00:47 MSK 2014
Hi to all,
I just encountered an attack. I was wondering why fail2ban didn't catch it.
The attacker used alphabetic user name. The regex detects numeric digits
only. As a quick fix I modified the filter portion:
^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user
\[\d+@\d+\.\d+\.\d+\.\d+\]
from <HOST>$
TO: ... Can't find user \[.+@\d+\.\d+\.\d+\.\d+\] from <HOST>$
to catch all characters.
Just sharing this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140317/134e81e0/attachment.html
Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users
mailing list