[Freeswitch-users] Fail2Ban filter

jay binks jaybinks at gmail.com
Mon Mar 17 12:44:22 MSK 2014


Good catch...

I guess another thing to keep in mind is that this will only work with
IPV4, not a huge issue currently... but it might pay to keep that in mind
also.

in reality we could probably just use [\d+@\d+] or similar ...


On 17 March 2014 17:00, Nandy Dagondon <nandy1925 at gmail.com> wrote:

> Hi to all,
>
> I just encountered an attack. I was wondering why fail2ban didn't catch
> it.  The attacker used alphabetic user name. The regex detects numeric
> digits only.  As a quick fix I modified the filter portion:
>             ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user \[\d+@\d+\.\d+\.\d+\.\d+\]
> from <HOST>$
>
> TO: ...  Can't find user \[.+@\d+\.\d+\.\d+\.\d+\] from <HOST>$
>
> to catch all characters.
>
> Just sharing this.
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>


-- 
Sincerely

Jay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140317/652c5f57/attachment.html 


Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list