# Fail2Ban Web Exploits Filter
# Author & Copyright: Mitchell Krog - mitchellkrog@gmail.com
# REPO: https://github.com/mitchellkrogza/Fail2Ban.WebExploits
# V0.1.27
# Last Updated: Tue May  8 11:08:42 SAST 2018

[Definition]


failregex = ^<HOST> -.*(GET|POST|HEAD).*(/\.git/config)
            ^<HOST> -.*(GET|POST).*/administrator/index\.php.*500
            ^<HOST> -.*(GET|POST|HEAD).*(/:8880/)
            ^<HOST> -.*(GET|POST|HEAD).*(/1\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv1/_static/image/favicon\.ico)
            ^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv1/_static/ts2/layout\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/addons/theme/stv2/_static/ts2/layout\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/Admin/Common/HelpLinks\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin-console)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/inc/xml\.xslt)
            ^<HOST> -.*(GET|POST|HEAD).*(/administrator/components/com_xcloner-backupandrestore/index2\.php)
        #   ^<HOST> -.*(GET|POST|HEAD).*(/administrator/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/administrator/manifests/files/joomla\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/mysql2/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/mysql/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/phpMyAdmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/pma/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/PMA/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/ButtonImage/standard/componentmenu\.gif)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/Dialog/dialog\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/admin/SouthidcEditor/ewebeditor\.asp)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/SystemLabel/SiteConfig\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/login_site\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/manage_site\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/TemplateManage/save_template\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/API/DW/Dwplugin/ThirdPartyTags/SiteFactory\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/api/jsonws/invoke)
            ^<HOST> -.*(GET|POST|HEAD).*(/app/home/skins/default/style\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/app/js/source/wcmlib/WCMConstants\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/apple-app-site-association)
            ^<HOST> -.*(GET|POST|HEAD).*(/app/Tpl/fanwe_1/js/)
            ^<HOST> -.*(GET|POST|HEAD).*(/app/etc/local\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/Autodiscover/Autodiscover\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/_asterisk/)
            ^<HOST> -.*(GET|POST|HEAD).*(/backup\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/bencandy\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/blog/administrator/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/boaform/admin/formLogin)
            ^<HOST> -.*(GET|POST|HEAD).*(/cardamom\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/cgi-bin/php)
            ^<HOST> -.*(GET|POST|HEAD).*(/cgi-bin/php5)
            ^<HOST> -.*(GET|POST|HEAD).*(/cgi/common\.cgi)
            ^<HOST> -.*(GET|POST|HEAD).*(/CGI/Execute)
            ^<HOST> -.*(GET|POST|HEAD).*(/check\.proxyradar\.com/azenv\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckeditor/ckfinder/ckfinder\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckeditor/ckfinder/install\.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckfinder/ckfinder\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckfinder/install\.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/ckupload\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/claroline/phpMyAdmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/clases\.gone\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/cms/administrator)
            ^<HOST> -.*(GET|POST|HEAD).*(/command\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_adsmanager/js/fullnoconflict\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_b2jcontact/css/b2jcontact\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_b2jcontact/router\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_foxcontact/js/jtext\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/components/com_sexycontactform/assets/js/index\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/auth/reg_newuser\.jsp)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/include/not_login\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/js/CTRSRequestParam\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/console/js/CWCMDialogHead\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/customer/account/login/referer/)
            ^<HOST> -.*(GET|POST|HEAD).*(/currentsetting\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/Help/default\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/ImageEditor/listfiles\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/CuteSoft_Client/CuteEditor/Images/log\.gif)
            ^<HOST> -.*(GET|POST|HEAD).*(/data/admin/ver\.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/database\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/data\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/datacenter/downloadApp/showDownload\.do)
            ^<HOST> -.*(GET|POST|HEAD).*(/db/)
            ^<HOST> -.*(GET|POST|HEAD).*(/dbadmin/)
            ^<HOST> -.*(GET|POST|HEAD).*(/dbadmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/db_backup\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/dbdump\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/db\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/db/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/dump\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/deptWebsiteAction\.do)
            ^<HOST> -.*(GET|POST|HEAD).*(/eams/static/scripts/grade/course/input\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/editor/js/fckeditorcode_ie\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(\.env\.dev\.local)
            ^<HOST> -.*(GET|POST|HEAD).*(/\.env\.development\.local)
            ^<HOST> -.*(GET|POST|HEAD).*(/\.env\.prod\.local)
            ^<HOST> -.*(GET|POST|HEAD).*(/\.env\.production\.local)
            ^<HOST> -.*(GET|POST|HEAD).*(/examples/file-manager\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/getcfg\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/get_password\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/\.git/info)
            ^<HOST> -.*(GET|POST|HEAD).*(/\.git/HEAD)
            ^<HOST> -.*(GET|POST|HEAD).*(/Hello\.World)
            ^<HOST> -.*(GET|POST|HEAD).*(/hndUnblock\.cgi)
            ^<HOST> -.*(GET|POST|HEAD).*(/images/login9/login_33\.jpg)
            ^<HOST> -.*(GET|POST|HEAD).*(/include/dialog/config\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/include/install_ocx\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/index\.action)
            ^<HOST> -.*(GET|POST|HEAD).*(/ip_js\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/issmall/)
            ^<HOST> -.*(GET|POST|HEAD).*(/jenkins/script)
            ^<HOST> -.*(GET|POST|HEAD).*(/jenkins/login)
            ^<HOST> -.*(GET|POST|HEAD).*(/jm-ajax/upload_file/)
            ^<HOST> -.*(GET|POST|HEAD).*(/jmx-console)
            ^<HOST> -.*(GET|POST|HEAD).*(/js/tools\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/letrokart.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/libraries/sfn\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/localhost\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(login\.destroy\.session)
            ^<HOST> -.*(GET|POST|HEAD).*(/login/Jeecms\.do)
            ^<HOST> -.*(GET|POST|HEAD).*(/logo_img\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/maintlogin\.jsp)
            ^<HOST> -.*(GET|POST|HEAD).*(/manager/html)
            ^<HOST> -.*(GET|POST|HEAD).*(/manager/status)
            ^<HOST> -.*(GET|POST|HEAD).*(/magmi/conf/magmi\.ini)
            ^<HOST> -.*(GET|POST|HEAD).*(/master/login\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/media/com_hikashop/js/hikashop\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/attributewizardpro/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/columnadverts/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/fieldvmegamenu/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/homepageadvertise2/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/homepageadvertise/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/mod_simplefileuploadv1\.3/elements/udd\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/pk_flexmenu/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/pk_vertflexmenu/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/modules/wdoptionpanel/config\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/msd)
            ^<HOST> -.*(GET|POST|HEAD).*(/msd1\.24\.4)
            ^<HOST> -.*(GET|POST|HEAD).*(/msd1\.24stable)
            ^<HOST> -.*(GET|POST|HEAD).*(mstshash=NCRACK_USER)
            ^<HOST> -.*(GET|POST|HEAD).*(/muieblackcat)
            ^<HOST> -.*(GET|POST|HEAD).*(/myadmin2/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/myadmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/myadmin/scripts/setup\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/MyAdmin/scripts/setup\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysql-admin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysqladmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysqldumper)
            ^<HOST> -.*(GET|POST|HEAD).*(/mySqlDumper)
            ^<HOST> -.*(GET|POST|HEAD).*(/MySQLDumper)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysqldump\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/mysql\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpadmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpma/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyadmin_bak/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/phpMyAdmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/phpMyAdmin/scripts/setup\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/plugins/anchor/anchor\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/plugins/filemanager/filemanager/js)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/download\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/heightsearch\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/rssmap\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/plus/sitemap\.html)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma/)
            ^<HOST> -.*(GET|POST|HEAD).*(/PMA/)
            ^<HOST> -.*(GET|POST|HEAD).*(/PMA2/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/PMA/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pmamy2/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pmamy/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma-old/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pma/scripts/setup\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/pmd/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/privacy\.txt)
            ^<HOST> -.*(GET|POST|HEAD).*(/resources/style/images/login/btn\.png)
            ^<HOST> -.*(GET|POST|HEAD).*(/Scripts/jquery/maticsoft\.jquery\.min\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/script/valid_formdata\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/siteserver/login\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/siteserver/upgrade/default\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/site\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/sql\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(soap:Envelope)
            ^<HOST> -.*(GET|POST|HEAD).*(/solr/admin/info/system)
            ^<HOST> -.*(GET|POST|HEAD).*(/stalker_portal/c)
            ^<HOST> -.*(GET|POST|HEAD).*(/stalker_portal/server/adm/tv-channels/iptv-list-json)
            ^<HOST> -.*(GET|POST|HEAD).*(/stalker_portal/server/adm/users/users-list-json)
            ^<HOST> -.*(GET|POST|HEAD).*(/stssys\.htm)
            ^<HOST> -.*(GET|POST|HEAD).*(/sys\.cache\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/system/assets/jquery/jquery-2\.x\.min\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/system_api\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/template/1/bluewise/_files/jspxcms\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/templates/jsn_glass_pro/ext/hikashop/jsn_ext_hikashop\.css)
            ^<HOST> -.*(GET|POST|HEAD).*(/test_404_page/)
            ^<HOST> -.*(GET|POST|HEAD).*(/test_for_404/)
            ^<HOST> -.*(GET|POST|HEAD).*(/temp\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/translate\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(Test Wuz Here)
            ^<HOST> -.*(GET|POST|HEAD).*(/tmUnblock\.cgi)
            ^<HOST> -.*(GET|POST|HEAD).*(/tools/phpMyAdmin/index\.ph)
            ^<HOST> -.*(GET|POST|HEAD).*(/uc_server/control/admin/db\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/upload/bank-icons/)
            ^<HOST> -.*(GET|POST|HEAD).*(/UserCenter/css/admin/bgimg/admin_all_bg\.png)
            ^<HOST> -.*(GET|POST|HEAD).*(/\.user\.ini)
            ^<HOST> -.*(GET|POST|HEAD).*(\.bitcoin)
            ^<HOST> -.*(GET|POST|HEAD).*(wallet\.dat)
            ^<HOST> -.*(GET|POST|HEAD).*(bitcoin\.dat)
            ^<HOST> -.*(GET|POST|HEAD).*(/magento2/admin)
            ^<HOST> -.*(GET|POST|HEAD).*(/user/register?element_parents=account)
            ^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/antimatter\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/modernizr\.custom\.71422\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/user/themes/antimatter/js/slidebars\.min\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/users\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/vendor/phpunit/phpunit)
            ^<HOST> -.*(GET|POST|HEAD).*(/w00tw00t)
            ^<HOST> -.*(GET|POST|HEAD).*(/webbuilder/script/locale/wb-lang-zh_CN\.js)
            ^<HOST> -.*(GET|POST|HEAD).*(/web-console)
            ^<HOST> -.*(GET|POST|HEAD).*(/webdav)
            ^<HOST> -.*(GET|POST|HEAD).*(/web/phpMyAdmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/whir_system/login\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/whir_system/module/security/login\.aspx)
            ^<HOST> -.*(GET|POST|HEAD).*(/wls-wsat/CoordinatorPortType)
            ^<HOST> -.*(GET|POST|HEAD).*(/wpbase/url\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/plugins/)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-content/uploads/dump\.sql)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-includes/wlwmanifest\.xml)
            ^<HOST> -.*(GET|POST|HEAD).*(/wp-login\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(/www/phpMyAdmin/index\.php)
            ^<HOST> -.*(GET|POST|HEAD).*(\x00Cookie:)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22cache_name_function)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22JDatabaseDriverMysqli)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22JSimplepieFactory)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22sanitize)
            ^<HOST> -.*(GET|POST|HEAD).*(\x22SimplePie)
            ^<HOST> -.*(GET|POST|HEAD).*(\x5C0disconnectHandlers)
            ^<HOST> -.*(GET|POST|HEAD).*(\.\./wp-config.php)


ignoreregex =