[Freeswitch-users] Fail2Ban filter

Nandy Dagondon nandy1925 at gmail.com
Mon Mar 17 10:00:47 MSK 2014


Hi to all,

I just encountered an attack. I was wondering why fail2ban didn't catch it.
 The attacker used alphabetic user name. The regex detects numeric digits
only.  As a quick fix I modified the filter portion:
            ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user
\[\d+@\d+\.\d+\.\d+\.\d+\]
from <HOST>$

TO: ...  Can't find user \[.+@\d+\.\d+\.\d+\.\d+\] from <HOST>$

to catch all characters.

Just sharing this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140317/134e81e0/attachment.html 


Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list