-rw-r--r-- | apache.txr | 13 | ||||
-rw-r--r-- | exim.txr | 2 | ||||
-rw-r--r-- | ssh.txr | 2 |
3 files changed, 9 insertions, 8 deletions
@@ -6,9 +6,9 @@ @ (and) @ (if (search-regex agent #/Googlebot|bingbot|baidu/)) @ (bind points nil) -@ (elif (search-regex (downcase-str agent) - #/ezoom|bot|spider|crawler|scan|yandex|coccoc|github|python/)) -@ (bind points 9) +@ (elif (or (equal err "500") + (search-str uri "honeypot"))) +@ (bind points 1) @ (elif (and (not (memqual err '("200" "206" "301" "302" "304"))) (not (or (mequal (short-suffix uri) "ico" "jpg" "png" "gif"))))) ))) @@ -17,9 +17,10 @@ @ (bind points 0) @ (end) @ (end) +@ (require (nequal ip "::1")) @ (do - (let ((time (make-time year month day hour min sec :auto))) - (if points - (report ip time points) + (let ((time (make-time-utc year month day hour min sec :auto))) + (if (or points (contains "cgit" uri)) + (report ip time (or points 0)) (do-expiry time)))) @(end) @@ -30,7 +30,7 @@ host lookup failed@(skip) @ (accept continue) @ (end) @ (do - (let ((time (make-time year month day hour min sec :auto))) + (let ((time (make-time-utc year month day hour min sec :auto))) (report ip time points))) @ (end) @ (end) @@ -9,7 +9,7 @@ @(repeat) @ (all) @(m month) @(n day) @(n year) @(n hour):@(n min):@(n sec) @(skip) -@ (bind time @(make-time year month day hour min sec :auto)) +@ (bind time @(make-time-utc year month day hour min sec :auto)) @ (and) @ (cases) @nil @nil @nil @nil localhost sshd[@nil]: Failed password for @user from @ip port @(skip) |
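Review bot: The new `honeypot`/`500` branch is an `elif` that sits after the `(search-regex agent #/Googlebot|bingbot|baidu/)` test, which binds `points` to nil, so a request whose User-Agent contains one of those strings is never scored by the new rule. That header is supplied by the client, so the exemption is only as trustworthy as the header itself. Consider testing `(search-str uri "honeypot")` before the crawler exemption, or confirming crawler identity by address rather than by header. `search-str` also matches the word anywhere in `uri`, which may be wider than intended if `uri` includes the query string. The enclosing `(and)` clause starts and ends outside this hunk.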
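Review bot: The added `@ (require (nequal ip "::1"))` exempts only the IPv6 loopback address, so a local request logged as `127.0.0.1` would still reach `report`. Whether such requests appear in this log is not visible here, but if the host ever contacts its own web server over IPv4 (a health check, a local proxy), it could accumulate points against itself. `@ (require (not (mequal ip "::1" "127.0.0.1")))` would cover both, using the `mequal` form already present in the first hunk. As a smaller style point, `(contains "cgit" uri)` puts the needle first while `(search-str uri "honeypot")` puts it second; using one function for both substring tests would make the argument order harder to get wrong.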
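Review bot: `make-time-utc` interprets the parsed `year month day hour min sec` fields as UTC, which is correct only if the scanned log is written in UTC, and nothing records that assumption in this hunk (`-30,7`) or in the same change in the `-17,9` and `-9,7` hunks. If a log is in local time, every timestamp passed to `report` is shifted by the zone offset, and ban expiry presumably shifts with it. A one-line comment beside each call, such as `@; assumes this log is written in UTC`, would state the requirement. For the Apache log it is worth confirming that any zone offset in the timestamp is either zero or accounted for; the pattern that parses it is outside the visible hunks.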