mykey/Fail2Ban-Dashboard---NPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dd7f8dd1a2debb34421699d8b0e0366dc84f9eed
Fail2Ban-Dashboard---NPM/fail2ban/filter.d/npm-probe.conf
gitea dd7f8dd1a2 Initial release: F2B Control Center v1.0 
Dockerized Fail2Ban + dashboard for Nginx Proxy Manager.

- Single-container image (fail2ban + Node.js + supervisord)
- Pre-built NPM filters: badbot, http-errors, npm-probe, manual-bans
- Web dashboard with live ban feed, log scanner, AbuseIPDB integration
- Configurable via environment variables and .env file
- Persistent volumes for config and ban history
- Webhook support for ban event notifications
- README, .gitignore, MIT license

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 14:40:59 +00:00

30 lines
2.2 KiB
Plaintext
Raw Blame History

# ── F2B Control Center — npm-probe filter ────────────────────────────────────
#
# Bans IPs probing for well-known vulnerable paths.
# These requests almost always indicate automated exploit scanning — a single
# hit warrants a long ban (configured to 48h / maxretry 3 in jail.local).
#
# Covered categories:
# - PHP-based CMS admin paths (WordPress, Joomla, etc.)
# - Common config/credential file leaks (.env, .git, etc.)
# - Java frameworks (actuator, Spring Boot, Struts)
# - Web shells and common RCE payloads
# - Device/router admin interfaces (HNAP, boaform)
# - PHPMyAdmin, Adminer, database tools
# - Path traversal attempts (../)
#
# LOG FORMAT:
# Primary pattern matches NPM logs with [Client IP] real-IP field.
# See badbot.conf for details on switching to standard nginx format.
# ─────────────────────────────────────────────────────────────────────────────
[Definition]
# ── Primary: NPM [Client IP] format ──────────────────────────────────────────
failregex = ^[^ ]+ - -[^\[]*\[[^\]]+\] "(?:GET|POST|HEAD|OPTIONS) (?:/.env(?:\.[^"]*)?|/.git(?:/[^"]*)?|/wp-login\.php|/wp-admin(?:/[^"]*)?|/xmlrpc\.php|/phpmyadmin(?:/[^"]*)?|/pma(?:/[^"]*)?|/adminer(?:\.php)?|/admin\.php|/config\.php|/setup\.php|/install\.php|/actuator(?:/[^"]*)?|/console|/manager/html|/invoker/JMXInvokerServlet|/solr(?:/[^"]*)?|/geoserver(?:/[^"]*)?|/boaform(?:/[^"]*)?|/HNAP1(?:/[^"]*)?|/cgi-bin/[^"]*|/shell\.php|/cmd\.php|/eval-stdin\.php|/[^"]*\.\./[^"]*) HTTP[^"]*" \d{3} .* \[Client <HOST>\]
# ── Alternative: standard nginx combined format ───────────────────────────────
# failregex = ^<HOST> - -[^\[]*\[[^\]]+\] "(?:GET|POST|HEAD) (?:/.env|/.git|/wp-login\.php|/wp-admin|/xmlrpc\.php|/phpmyadmin|/pma|/adminer|/admin\.php|/actuator|/console|/boaform|/HNAP1|/cgi-bin/|/shell\.php) HTTP"
ignoreregex =
Reference in New Issue View Git Blame Copy Permalink