# Ansible controlled filename: /etc/fail2ban/filter.d/20_example-blns.filter
# Source: ansible bgstack15-fail2ban/files/example-blns.filter
# Date: 2016-04-19
# Reference: 
# NOTE: This file is managed via Ansible: manual changes will be lost

[Definition]
failregex = ^.*<HOST>.*(GET|POST).*/etc/passwd.*$
            ^.*<HOST>.*(GET|POST).*/etc/group.*$
            ^.*<HOST>.*(GET|POST).*/etc/hosts.*$
            ^.*<HOST>.*(GET|POST).*/proc/self/environ.*$
            ^.*<HOST>.*(GET|POST).*(?i)admin.*admin.*$
            ^.*<HOST>.*(GET|POST).*(?i)(php|db|pma|web|sql).*admin.*$
            ^.*<HOST>.*(GET|POST).*(?i)admin.*(php|db|pma|web|sql).*$
            ^.*<HOST>.*(GET|POST).*(?i)DELETE_comment.*$
            ^.*<HOST>.*(GET|POST).*(?i)pma/scripts.*setup.*$
            ^.*<HOST>.*(GET|POST).*(?i)pma([0-9]{4})?/? HTTP.*$
            ^.*<HOST>.*(GET|POST).*(?i)(database|myadmin|mysql)/? HTTP.*$
            ^.*<HOST>.*(GET|POST).*(?i)(dbweb|webdb|websql|sqlweb).*$
            ^.*<HOST>.*(GET|POST).*(?i)(my)?sql.*manager.*$
            ^.*<HOST>.*(GET|POST).*(?i)wp-(admin|login|signup|config).*$
            ^.*<HOST>.*(GET|POST).*president/.*wp-cron\.php*$
            ^.*<HOST>.*(GET|POST).*w00t.*blackhats.*$
            ^.*<HOST>.*(GET|POST).*\+\+liker.profile_URL\+\+.*$
            ^.*<HOST>.*(GET|POST).*muieblackcat.*$
            ^.*<HOST>.*(GET|POST).*(?i)ldlogon.*$
            ^.*<HOST>.*(GET|POST).*(?i)\.cobalt$
            ^.*<HOST>.*(GET|POST).*(?i)\.intruvert\/jsp\/admin\/Login\.jsp$
            ^.*<HOST>.*(GET|POST).*(?i)MSWSMTP\/Common\/Authentication\/Logon\.aspx$
            ^.*<HOST>.*(GET|POST).*(?i)php\?password=[0-9]*\&re_password=.*\&login=var.*$

ignoreregex =