One Hat Cyber Team

Your IP: 216.73.217.4
Server IP: 41.128.143.86
Server: Linux host.raqmix.cloud 6.8.0-1025-azure #30~22.04.1-Ubuntu SMP Wed Mar 12 15:28:20 UTC 2025 x86_64
Server Software: Apache
PHP Version: 8.3.23
Buat File | Buat Folder

Dir : ~/usr/share/doc/fail2ban/dist-config/filter.d/

Edit File: zoneminder.conf

# Fail2Ban filter for Zoneminder login failures

[INCLUDES]
before = apache-common.conf

[Definition]

# patterns: [Mon Mar 28 16:50:49.522240 2016] [:error] [pid 1795] [client 10.1.1.1:50700] WAR [Login denied for user "username1"], referer: https://zoneminder/
#           [Sun Mar 28 16:53:00.472693 2021] [php7:notice] [pid 11328] [client 10.1.1.1:39568] ERR [Could not retrieve user test details], referer: https://zm/
#           [Sun Mar 28 16:59:14.150625 2021] [php7:notice] [pid 11336] [client 10.1.1.1:39654] ERR [Login denied for user "john"], referer: https://zm/
#
# Option:  failregex
# Notes.:  regex to match the login failure and non-existent user error messages in the logfile.

prefregex = ^%(_apache_error_client)s (?:ERR|WAR) <F-CONTENT>\[(?:Login denied|Could not retrieve).*</F-CONTENT>$

failregex = ^\[Login denied for user "<F-USER>[^"]*</F-USER>"\]
            ^\[Could not retrieve user <F-USER>\S*</F-USER>

ignoreregex =

# Notes:
#	Tested on Zoneminder 1.29 and 1.35.21
#
#	Zoneminder versions > 1.3x use "ERR" and < 1.3x use "WAR" level logs, so i've kept both for compatibility reasons
#
# Author: John Marzella