initial import
This commit is contained in:
26
fail2ban/sshd-ddos.filterd
Normal file
26
fail2ban/sshd-ddos.filterd
Normal file
@@ -0,0 +1,26 @@
|
||||
# Fail2Ban ssh filter for at attempted exploit
|
||||
#
|
||||
# The regex here also relates to a exploit:
|
||||
#
|
||||
# http://www.securityfocus.com/bid/17958/exploit
|
||||
# The example code here shows the pushing of the exploit straight after
|
||||
# reading the server version. This is where the client version string normally
|
||||
# pushed. As such the server will read this unparsible information as
|
||||
# "Did not receive identification string".
|
||||
|
||||
[INCLUDES]
|
||||
|
||||
# Read common prefixes. If any customizations available -- read them from
|
||||
# common.local
|
||||
before = common.conf
|
||||
|
||||
[Definition]
|
||||
|
||||
_daemon = sshd
|
||||
|
||||
failregex = Did not receive identification string from <HOST>\s*$
|
||||
|
||||
ignoreregex =
|
||||
|
||||
[Init]
|
||||
|
||||
Reference in New Issue
Block a user