I will certainly test tomorrow and report back if it's caught.

On 2016/07/09 8:12 PM, [email protected] wrote:
Would the apache-overflows filter catch this?

On 7/9/2016 1:59 AM, Mitchell Krog wrote:
A little more investigation into my Apache error logs this morning on some WordPress sites and I found the following from different IP addresses. It does appear that people are attempting some kind of buffer overflow against WordPress sites.

[Fri Jul 08 07:25:33.444036 2016] [core:error] [pid 19186:tid 140183949231872] (36)File name too long: [client 40.77.167.95:8985] AH00036: access to /\xe2\xc \x83\xc6\x92\xc3\x86\xe2\x80\x99\xc3\x83\xe2\x80\xa0\xc3\xa2\xe2\x82\*_(I shortened this by 4782 characters)_*-global-warming.html failed (filesystem path '/home/_removed_/htdocs/

Again this is appearing only in error logs, not actually in access logs. What it appears they are doing is calling the site and inserting this string in between some valid permalinks. So for instance http://yoursite.com/something.html becomes http://yoursite.com/\xe2\xc\x83\x26-something.html

Anyone else seeing this behavior on any WordPress sites?

I think I must join the Apache user mailing list on this one. Not really a Fail2Ban issue, but I do think it would be nice for Fail2Ban to be able to detect things like these random strings and have a filter for blocking them for good.



_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
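
The error-log entry quoted in the thread can be matched directly, whatever a shipped Fail2Ban filter does with it. The following is an added example, not part of the original messages and not Fail2Ban's own code: it parses AH00036 lines in the format shown above, extracts the client address, and counts the `\xNN` escapes in the requested path. The sample lines, the `offenders` helper and its `max_hits` threshold are constructed for illustration.

```python
import re
from collections import Counter

# Shape of the Apache 2.4 error-log entry quoted in the thread:
# "(36)File name too long: [client IP:PORT] AH00036: access to PATH failed (..."
AH00036 = re.compile(
    r"\(36\)File name too long: "
    r"\[client (?P<ip>[0-9A-Fa-f.:]+):(?P<port>\d+)\] "  # greedy, so IPv6 keeps its colons
    r"AH00036: access to (?P<path>.+?) failed \("
)
ESCAPED_BYTE = re.compile(r"\\x[0-9A-Fa-f]{2}")  # non-printable bytes as Apache logs them


def parse(line):
    """Return (ip, escaped_byte_count, path_length) for an AH00036 line, else None."""
    m = AH00036.search(line)
    if not m:
        return None
    path = m.group("path")
    return m.group("ip"), len(ESCAPED_BYTE.findall(path)), len(path)


def offenders(lines, max_hits=2):
    """Clients with at least max_hits over-long-path errors (assumed threshold)."""
    hits = Counter(p[0] for p in map(parse, lines) if p)
    return sorted(ip for ip, n in hits.items() if n >= max_hits)


# Constructed sample input: documentation IP ranges, shortened junk paths.
PREFIX = "[Fri Jul 08 07:25:33.444036 2016] [core:error] [pid 19186:tid 140183949231872] "
JUNK = "/" + r"\xe2\x80\x99\xc3\x83" * 3


def _line(client, path):
    return (PREFIX + "(36)File name too long: [client " + client + "] AH00036: access to "
            + path + " failed (filesystem path '/home/example/htdocs/')")


SAMPLE = [
    _line("203.0.113.5:8985", JUNK + "-global-warming.html"),
    _line("203.0.113.5:8991", JUNK + "-something.html"),
    _line("2001:db8::7:51234", JUNK + "-something.html"),
    "[Fri Jul 08 07:26:01.120001 2016] [:error] [pid 19186] [client 198.51.100.9:40112] PHP Notice: unrelated entry",
]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```
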
