prestashop-hack.conf
#81 by doekia
# Fail2Ban configuration file
# Author: (d)oekia
#
# Ban Prestashop hack attempt
#
# This is /etc/fail2ban/filter.d/prestashop-hack.conf
#

# To deploy, add the following to your /etc/fail2ban/jail.local
# -----8<---------8<---------8<-----
# [prestashop-hack]
# maxretry = 0
# enabled  = true
# logpath = /var/log/apache*/*access.log
#        /var/log/ispconfig/httpd/*/*-access.log
# filter   = prestashop-hack
# action   = iptables-allports[name=prestashop]
# findtime = 86400
# bantime  = 604800
# -----8<---------8<---------8<-----
#

#
# knowndoor is the list of URL patterns that indicate a hack attempt
# knockdoor triggers when someone tries a known security breach (that you should have fixed)
#
# Don't be shy: protect yourself, distribute it, share your list of knowndoor & knockdoor and buy me a coffee
# 

# Filter definition read by fail2ban. knowndoor and knockdoor are helper
# values; failregex below pulls them in through %(name)s interpolation.
[Definition]

# URL fragments treated as a hack attempt on sight: the first failregex line
# matches them on any GET or POST, whatever the response status.
# NOTE(review): several entries are broad (\.\., \.aspx, \.ssh, \/root\/) and
# are matched anywhere after the method, query string included, so a
# legitimate URL containing one of them also counts. Replay your own access
# logs through fail2ban-regex before enabling the jail.
knowndoor = \/hous\.php|=hous\.php|up=shell|\/1attributewizardpro\/|\/attributewizardpro\.OLD\/|\/attributewizardpro_x\/|\/cartabandonmentproOld\/|\/up\.php|id_rsa|id_dsa|\.ssh|\/root\/|\.aspx|\/lindex\.php|\/bindex\.php|\.\.|eval-stdin

# Module directories probed for known security breaches. The second failregex
# line counts a request only when one of these paths is followed by
# upload*.php, ajax*.php or add.php AND the logged status is 404.
# A probe answered with any other status (for example 200 from a module that
# is still installed) is not matched by that line, so this filter does not
# replace patching or removing the affected modules.
# /advancedslider/ and /fieldvmegamenu/ are listed twice; the duplicates do
# not change what is matched.
knockdoor = /advancedslider/|/columnadverts/|/soopabanners/|/soopamobile/|/vtermslideshow/|/simpleslideshow/|/productpageadverts/|/homepageadvertise/|/jro_homepageadvertise/|/attributewizardpro/|/advancedslider/|/cartabandonmentpro/|/videostab/|/wg24themeadministration/|/wdoptionpanel/|/fieldvmegamenu/|/pk_flexmenu/|/pk_vertflexmenu/|/nvn_export_orders/|/fieldvmegamenu/|/idx_config/

# Option:  failregex
# Notes.:  Two patterns, one per line (the second is an indented continuation):
#          1) any GET/POST whose log line contains a knowndoor fragment;
#          2) a GET/POST under a knockdoor path for upload*.php, ajax*.php
#             or add.php that was answered with 404.
#          Please verify that it is your intent to block the IPs that send
#          such requests.
#          <HOST> is anchored at the start of the line, so the banned address
#          is whatever the web server logs first.
#          NOTE(review): if the server sits behind a reverse proxy or CDN and
#          logs the proxy address there, the ban lands on the proxy - confirm
#          the access log records the real client address.
#          NOTE(review): the .* runs are not bounded to the quoted request
#          field, so in combined log format later fields (referer, user
#          agent) could take part in a match - confirm against your format.
#          NOTE(review): the jail.local example in this file's header uses
#          maxretry = 0, bantime = 604800 (7 days) and iptables-allports,
#          which appears intended to ban on the first matching line; consider
#          listing your own admin and monitoring addresses in ignoreip.
# Values:  TEXT
#
failregex = ^<HOST> -.*"(GET|POST).*(?:%(knowndoor)s).* HTTP.*".*$
            ^<HOST> -.*"(GET|POST).*(?:%(knockdoor)s).*(upload.*\.php|ajax.*\.php|add\.php) HTTP.*" 404.*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
#          Left empty here, so no matching line is exempted.
# Values:  TEXT
#
ignoreregex =