FAIL2BAN - Filter.d - http-kevins
From IT-Arts.net
Filter.d
! Should be customized to your needs !
[Definition]
# Script-kiddies and Kevins patterns
failregex = ^<HOST>.*/wp-content/plugins/hellopress/wp_filemanager.php.*
^<HOST>.*/wp-includes/rest-api/alfa-rex.php7.*
^<HOST>.*/widgets.php.*
^<HOST>.*/b.php.*
^<HOST>.*/admin.php.*
^<HOST>.*/autoload_classmap.php.*
^<HOST>.*/wp-activate.php.*
^<HOST>.*/db.php.*
^<HOST>.*/bless.php.*
^<HOST>.*/blurbs.php.*
^<HOST>.*/cord.php.*
^<HOST>.*/axx.php.*
^<HOST>.*/wp-mail.php.*
^<HOST>.*/minik.php.*
^<HOST>.*/OK.php.*
^<HOST>.*/alfanew.php.*
^<HOST>.*/zsec.php.*
^<HOST>.*/arig.php.*
^<HOST>.*/admin1.php.*
^<HOST>.*/we2.php.*
^<HOST>.*/af32.php.*
^<HOST>.*/rz.php.*
^<HOST>.*/let.php.*
^<HOST>.*/w.php.*
^<HOST>.*/k.php.*
^<HOST>.*/pn.php.*
^<HOST>.*/gecko.php.*
^<HOST>.*/abe.php.*
^<HOST>.*/bs1.php.*
^<HOST>.*/cc.php.*
^<HOST>.*/css.php.*
^<HOST>.*/cloud.php.*
^<HOST>.*/bless.php.*
^<HOST>.*/radio.php.*
^<HOST>.*/cong.php.*
^<HOST>.*/bak.php.*
^<HOST>.*/as.php.*
^<HOST>.*/404.php.*
^<HOST>.*/link.php.*
^<HOST>.*/makeasmtp.php.*
^<HOST>.*/file.php.*
^<HOST>.*/chosen.php.*
^<HOST>.*/wp.php.*
^<HOST>.*/uana.php.*
^<HOST>.*/lock360.php.*
^<HOST>.*/a.php.*
^<HOST>.*/api.php.*
^<HOST>.*/inc.php.*
^<HOST>.*/atomlib.php.*
^<HOST>.*/ioxi-rex4.php7.*
^<HOST>.*/moon.php.*
^<HOST>.*/wp-info.php.*
^<HOST>.*/warm.PhP7.*
^<HOST>.*/ws.php7.*
^<HOST>.*/rss.php.*
^<HOST>.*/pekok.php.*
^<HOST>.*/elp.php.*
^<HOST>.*/wp-aa.php.*
^<HOST>.*/cart.php.*
^<HOST>.*/compare.php.*
^<HOST>.*/shop.php.*
^<HOST>.*/api.php.*
^<HOST>.*/222.php?p=.*
^<HOST>.*/atom.php.*
^<HOST>.*/case.php.*
^<HOST>.*/docs.php.*
^<HOST>.*/ios.php.*
^<HOST>.*/click.php.*
^<HOST>.*/lv.php.*
^<HOST>.*/inputs.php.*
^<HOST>.*/alfa.php.*
^<HOST>.*/byp.php.*
^<HOST>.*/goat1.php.*
^<HOST>.*/f.php.*
^<HOST>.*/max.php.*
^<HOST>.*/m.php.*
^<HOST>.*/as.php.*
^<HOST>.*/v.php.*
^<HOST>.*/bless.php.*
^<HOST>.*/vv.php.*
^<HOST>.*/0.php.*
^<HOST>.*/jp.php.*
^<HOST>.*/2.php.*
^<HOST>.*/goods.php.*
^<HOST>.*/manager.php?p=.*
^<HOST>.*/new.php.*
^<HOST>.*/info.php.*
^<HOST>.*/doc.php.*
^<HOST>.*/go.php.*
^<HOST>.*/mail.php.*
^<HOST>.*/11.php.*
^<HOST>.*/conflg.php?p=.*
^<HOST>.*/xmrlpc.php?p=.*
^<HOST>.*/asas.php.*
^<HOST>.*/ioxi-o.php.*
^<HOST>.*/about.php?p=.*
^<HOST>.*/akcc.php?p=.*
^<HOST>.*/zxl.php.*
^<HOST>.*/r.php.*
^<HOST>.*/ar.php.*
^<HOST>.*/js.php.*
^<HOST>.*/file1.php.*
^<HOST>.*/mar.php.*
^<HOST>.*/123.php.*
^<HOST>.*/321.php.*
^<HOST>.*/simple.php.*
^<HOST>.*/classwithtostring.php.*
^<HOST>.*/al.php.*
^<HOST>.*/xx.php?p=.*
^<HOST>.*/jga.php.*
^<HOST>.*/num.php.*
^<HOST>.*/ty.php?p=.*
^<HOST>.*/buy.php.*
^<HOST>.*/abcd.php.*
^<HOST>.*/c.php.*
^<HOST>.*/xo.php.*
^<HOST>.*/dlu.php.*
^<HOST>.*/rk2.php.*
^<HOST>.*/wso.php.*
^<HOST>.*/we.php.*
^<HOST>.*/karak.php.*
^<HOST>.*/content.php.*
^<HOST>.*/406.php.*
^<HOST>.*/k.php.*
^<HOST>.*/cache.php.*
^<HOST>.*/zfile.php.*
^<HOST>.*/NewFile.php.*
^<HOST>.*/des.php.*
^<HOST>.*/ant.php.*
^<HOST>.*/jlex.php.*
^<HOST>.*/mini.php.*
^<HOST>.*/fm.php?p=.*
^<HOST>.*/1.php.*
^<HOST>.*/wpc.php?p=.*
^<HOST>.*/lc.php.*
^<HOST>.*/mlex.php.*
^<HOST>.*/nc4.php.*
^<HOST>.*/class.php.*
^<HOST>.*/mpvloi.php.*
^<HOST>.*/v1.php.*
^<HOST>.*/dex.php.*
^<HOST>.*/angelV2.php.*
^<HOST>.*/wordpress/.*
^<HOST>.*/default.php.*
^<HOST>.*/.well-known/acme-challenge/about.php.*
^<HOST>.*./(backup.tgz|backup.zip|backup.tar).*
^<HOST>.*/\'.concat\(.*
ignoreregex = ^<HOST>.*spip-php-.* HTTP.*
Jail.conf
[http-kevins] enabled = true banaction = %(banaction_allports)s filter = http-kevins logpath = /var/log/nginx/*.log findtime = 3d maxretry = 0 bantime = -1 backend = polling
