403Webshell
Server IP : 181.215.205.78  /  Your IP : 216.73.216.146
Web Server : LiteSpeed
System : Linux srv028146260 5.15.0-176-generic #186-Ubuntu SMP Fri Mar 13 11:01:42 UTC 2026 x86_64
User : situs1068 ( 1161)
PHP Version : 8.0.30
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /etc/fail2ban/filter.d/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /etc/fail2ban/filter.d//roundcube-auth.conf
# Fail2Ban configuration file for roundcube web server
#
# By default failed logins are printed to 'errors'. The first regex matches those
# The second regex matches those printed to 'userlogins'
#   The userlogins log file can be enabled by setting $config['log_logins'] = true; in config.inc.php
#
# The logpath in your jail can be updated to userlogins if you wish
#

[INCLUDES]

before = common.conf

[Definition]

prefregex = ^\s*(\[\])?(%(__hostname)s\s*(?:roundcube(?:\[(\d*)\])?:)?\s*(<[\w]+>)? IMAP Error)?: <F-CONTENT>.+</F-CONTENT>$

failregex = ^(?:FAILED login|Login failed) for <F-USER>.*</F-USER> from <HOST>(?:(?:\([^\)]*\))?\. (?:(?! from ).)*(?: user=(?P=user))? in \S+\.php on line \d+ \(\S+ \S+\))?$
            ^(?:<[\w]+> )?Failed login for <F-USER>.*</F-USER> from <HOST> in session \w+( \(error: \d\))?$

ignoreregex = Could not connect to .* Connection refused

journalmatch = SYSLOG_IDENTIFIER=roundcube

# DEV Notes:
#
# Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180
#
# Part after <HOST> comes straight from IMAP server up until the " in ....."
# Earlier versions didn't log the IMAP response hence optional.
#
# DoS resistance:
#
# Assume that the user can inject "from <HOST>" into the imap response
# somehow. Write test cases around this to ensure that the combination of
# arbitrary user input and IMAP response doesn't inject the wrong IP for
# fail2ban
#
# Author: Teodor Micu & Yaroslav Halchenko & terence namusonge & Daniel Black & Lee Clemens

Youez - 2016 - github.com/yon3zu
LinuXploit