# Fail2Ban Web Exploits Filter
# Author & Copyright: Mitchell Krog - [email protected]
# REPO: https://github.com/mitchellkrogza/Fail2Ban.WebExploits
# V0.1.27
# Last Updated: Tue May 8 11:08:42 SAST 2018
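[Definition]
# One pattern per line; a log line that matches any of them counts as a
# failure for <HOST>. Continuation lines must stay indented so the parser
# reads them as part of failregex; comment lines stay at column 0.
#
# Every pattern is anchored only at the client address ("^<HOST> -"). The
# path fragment after the method is searched across the rest of the line, so
# it can also match inside the referrer or user-agent field, and it matches
# whatever the response status was.
#
# NOTE(review): several entries are paths that ordinary clients request on
# some sites (/wp-login.php on a WordPress host, /apple-app-site-association
# from iOS devices, /webdav, /db/, /privacy.txt, /js/tools.js). Comment out
# the ones the protected site really serves, and list trusted addresses in
# the jail's ignoreip, before attaching a ban action.
#
# Some entries are substrings of others (/db/ and /db/index.php, /pma/ and
# /pma/index.php, /msd and /msd1.24.4); the longer form never adds a match.
failregex = ^<HOST> -.*(GET|POST|HEAD).*(/\.git/config)
# NOTE(review): ".*500" is presumably meant as the response status, but it
# matches the digits 500 anywhere later in the line (a byte count, a
# user-agent string) — confirm against the log format in use.
            ^<HOST> -.*(GET|POST).*/administrator/index\.php.*500
            ^<HOST> -.*(GET|POST|HEAD).*(/:8880/)
            ^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv1/_static/image/favicon\.ico)
            ^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv1/_static/ts2/layout\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv2/_static/ts2/layout\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/Admin/Common/HelpLinks\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin-console)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/inc/xml\.xslt)
            ^<HOST> -.*(GET|POST|HEAD).*(/administrator/components/com_xcloner-backupandrestore/index2\.php)
# ^<HOST> -.*(GET|POST|HEAD).*(/administrator/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/administrator/manifests/files/joomla\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/mysql2/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/mysql/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/phpMyAdmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/pma/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/PMA/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/ButtonImage/standard/componentmenu\.gif)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/Dialog/dialog\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/ewebeditor\.asp)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/SystemLabel/SiteConfig\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/login_site\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/manage_site\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/save_template\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/ThirdPartyTags/SiteFactory\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/app/home/skins/default/style\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/app/js/source/wcmlib/WCMConstants\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/apple-app-site-association)
            ^<HOST> -.*(GET|POST|HEAD).*(/app/Tpl/fanwe_1/js/)
            ^<HOST> -.*(GET|POST|HEAD).*(/_asterisk/)
            ^<HOST> -.*(GET|POST|HEAD).*(/bencandy\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/blog/administrator/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/cgi-bin/php)
            ^<HOST> -.*(GET|POST|HEAD).*(/cgi-bin/php5)
            ^<HOST> -.*(GET|POST|HEAD).*(/cgi/common\.cgi)
            ^<HOST> -.*(GET|POST|HEAD).*(/CGI/Execute)
            ^<HOST> -.*(GET|POST|HEAD).*(/check\.proxyradar\.com/azenv\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckeditor/ckfinder/ckfinder\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckeditor/ckfinder/install\.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckfinder/ckfinder\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckfinder/install\.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckupload\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/claroline/phpMyAdmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/clases\.gone\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/cms/administrator)
            ^<HOST> -.*(GET|POST|HEAD).*(/command\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_adsmanager/js/fullnoconflict\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_b2jcontact/css/b2jcontact\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_b2jcontact/router\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_foxcontact/js/jtext\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_sexycontactform/assets/js/index\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/auth/reg_newuser\.jsp)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/include/not_login\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/js/CTRSRequestParam\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/js/CWCMDialogHead\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/currentsetting\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/Help/default\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/ImageEditor/listfiles\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/Images/log\.gif)
            ^<HOST> -.*(GET|POST|HEAD).*(/data/admin/ver\.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/datacenter/downloadApp/showDownload\.do)
            ^<HOST> -.*(GET|POST|HEAD).*(/db/)
            ^<HOST> -.*(GET|POST|HEAD).*(/dbadmin/)
            ^<HOST> -.*(GET|POST|HEAD).*(/dbadmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/db/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/deptWebsiteAction\.do)
            ^<HOST> -.*(GET|POST|HEAD).*(/eams/static/scripts/grade/course/input\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/editor/js/fckeditorcode_ie\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/examples/file-manager\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/getcfg\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/get_password\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/\.git/info/)
            ^<HOST> -.*(GET|POST|HEAD).*(/Hello\.World)
            ^<HOST> -.*(GET|POST|HEAD).*(/hndUnblock\.cgi)
            ^<HOST> -.*(GET|POST|HEAD).*(/images/login9/login_33\.jpg)
            ^<HOST> -.*(GET|POST|HEAD).*(/include/dialog/config\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/include/install_ocx\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/index\.action)
            ^<HOST> -.*(GET|POST|HEAD).*(/ip_js\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/issmall/)
            ^<HOST> -.*(GET|POST|HEAD).*(/jenkins/script)
            ^<HOST> -.*(GET|POST|HEAD).*(/jm-ajax/upload_file/)
            ^<HOST> -.*(GET|POST|HEAD).*(/jmx-console)
            ^<HOST> -.*(GET|POST|HEAD).*(/js/tools\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/libraries/sfn\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(login\.destroy\.session)
            ^<HOST> -.*(GET|POST|HEAD).*(/login/Jeecms\.do)
            ^<HOST> -.*(GET|POST|HEAD).*(/logo_img\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/maintlogin\.jsp)
            ^<HOST> -.*(GET|POST|HEAD).*(/manager/html)
            ^<HOST> -.*(GET|POST|HEAD).*(/manager/status)
            ^<HOST> -.*(GET|POST|HEAD).*(/master/login\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/media/com_hikashop/js/hikashop\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/attributewizardpro/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/columnadverts/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/fieldvmegamenu/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/homepageadvertise2/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/homepageadvertise/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/mod_simplefileuploadv1\.3/elements/udd\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/pk_flexmenu/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/pk_vertflexmenu/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/wdoptionpanel/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/msd)
            ^<HOST> -.*(GET|POST|HEAD).*(/msd1\.24\.4)
            ^<HOST> -.*(GET|POST|HEAD).*(/msd1\.24stable)
            ^<HOST> -.*(GET|POST|HEAD).*(mstshash=NCRACK_USER)
            ^<HOST> -.*(GET|POST|HEAD).*(/muieblackcat)
            ^<HOST> -.*(GET|POST|HEAD).*(/myadmin2/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/myadmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/myadmin/scripts/setup\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/MyAdmin/scripts/setup\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysql-admin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysqladmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysqldumper)
            ^<HOST> -.*(GET|POST|HEAD).*(/mySqlDumper)
            ^<HOST> -.*(GET|POST|HEAD).*(/MySQLDumper)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpadmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpma/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyadmin_bak/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/phpMyAdmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/scripts/setup\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/plugins/anchor/anchor\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/plugins/filemanager/filemanager/js)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/download\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/heightsearch\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/rssmap\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/sitemap\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma/)
            ^<HOST> -.*(GET|POST|HEAD).*(/PMA/)
            ^<HOST> -.*(GET|POST|HEAD).*(/PMA2/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/PMA/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pmamy2/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pmamy/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma-old/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma/scripts/setup\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pmd/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/privacy\.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/resources/style/images/login/btn\.png)
            ^<HOST> -.*(GET|POST|HEAD).*(/Scripts/jquery/maticsoft\.jquery\.min\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/script/valid_formdata\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/siteserver/login\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/siteserver/upgrade/default\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(soap:Envelope)
            ^<HOST> -.*(GET|POST|HEAD).*(/stalker_portal/server/adm/tv-channels/iptv-list-json)
            ^<HOST> -.*(GET|POST|HEAD).*(/stalker_portal/server/adm/users/users-list-json)
            ^<HOST> -.*(GET|POST|HEAD).*(/stssys\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/sys\.cache\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/system/assets/jquery/jquery-2\.x\.min\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/template/1/bluewise/_files/jspxcms\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/templates/jsn_glass_pro/ext/hikashop/jsn_ext_hikashop\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/test_404_page/)
            ^<HOST> -.*(GET|POST|HEAD).*(/test_for_404/)
            ^<HOST> -.*(GET|POST|HEAD).*(Test Wuz Here)
            ^<HOST> -.*(GET|POST|HEAD).*(/tmUnblock\.cgi)
            ^<HOST> -.*(GET|POST|HEAD).*(/tools/phpMyAdmin/index\.ph)
            ^<HOST> -.*(GET|POST|HEAD).*(/uc_server/control/admin/db\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/upload/bank-icons/)
            ^<HOST> -.*(GET|POST|HEAD).*(/UserCenter/css/admin/bgimg/admin_all_bg\.png)
            ^<HOST> -.*(GET|POST|HEAD).*(/\.user\.ini)
            ^<HOST> -.*(GET|POST|HEAD).*(\.bitcoin)
            ^<HOST> -.*(GET|POST|HEAD).*(wallet\.dat)
            ^<HOST> -.*(GET|POST|HEAD).*(bitcoin\.dat)
            ^<HOST> -.*(GET|POST|HEAD).*(/magento2/admin)
# "?" is escaped so that it matches the literal start of the query string;
# unescaped it only made the preceding "r" optional and the entry could
# never match a request for /user/register?element_parents=account.
            ^<HOST> -.*(GET|POST|HEAD).*(/user/register\?element_parents=account)
            ^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/antimatter\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/modernizr\.custom\.71422\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/slidebars\.min\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/w00tw00t)
            ^<HOST> -.*(GET|POST|HEAD).*(/webbuilder/script/locale/wb-lang-zh_CN\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/web-console)
            ^<HOST> -.*(GET|POST|HEAD).*(/webdav)
            ^<HOST> -.*(GET|POST|HEAD).*(/web/phpMyAdmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/whir_system/login\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/whir_system/module/security/login\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/wls-wsat/CoordinatorPortType)
            ^<HOST> -.*(GET|POST|HEAD).*(/wpbase/url\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-includes/wlwmanifest\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-login\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/www/phpMyAdmin/index\.php)
# NOTE(review): \x00, \x22 and \x5C below are regex escapes for the raw NUL,
# double-quote and backslash characters. A server that writes those bytes to
# its access log in escaped form (for example as the four characters \x22)
# would need the backslash doubled here for these entries to match — confirm
# against a sample of the real log.
            ^<HOST> -.*(GET|POST|HEAD).*(\x00Cookie:)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22cache_name_function)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22JDatabaseDriverMysqli)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22JSimplepieFactory)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22sanitize)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22SimplePie)
            ^<HOST> -.*(GET|POST|HEAD).*(\x5C0disconnectHandlers)
# Only GET is matched for this entry; the dot before "php" is escaped so the
# pattern names the file literally.
            ^<HOST> -.*(GET).*(\.\./wp-config\.php)
# No exclusions are defined: nothing that matches failregex is exempted here.
ignoreregex =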