One Hat Cyber Team

Your IP : 18.118.11.225

Server IP : 104.21.32.1

Server : Linux agrigation-prod 5.15.0-67-generic #74-Ubuntu SMP Wed Feb 22 14:14:39 UTC 2023 x86_64

Server Software : nginx/1.24.0

PHP Version : 7.4.33

Buat File | Buat Folder

Dir : ~/etc/fail2ban/filter.d/

Edit File: domino-smtp.conf

# Fail2Ban configuration file for IBM Domino SMTP Server TASK to detect failed login attempts
#
# Author: Christian Brandlehner
#
# $Revision: 003 $
#
# Configuration:
# Set the following Domino Server parameters in notes.ini:
#       console_log_enabled=1
#       log_sessions=2
# You also have to use a date and time format supported by fail2ban. Recommended notes.ini configuration is:
#       DateOrder=DMY
#       DateSeparator=-
#       ClockType=24_Hour
#       TimeSeparator=:
#
# Depending on your locale you might have to tweak the date and time format so fail2ban can read the log

#[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf

[Definition]
# Option:  failregex
# Notes.:  regex to match the password failure messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
# Sample log entries (used different time formats and an extra sample with process info in front of date)
# 01-23-2009 19:54:51   SMTP Server: Authentication failed for user postmaster ; connecting host 1.2.3.4
# [28325:00010-3735542592] 22-06-2014 09:56:12   smtp: postmaster [1.2.3.4] authentication failure using internet password
# 08-09-2014 06:14:27   smtp: postmaster [1.2.3.4] authentication failure using internet password
# 08-09-2014 06:14:27   SMTP Server: Authentication failed for user postmaster ; connecting host 1.2.3.4

__prefix = (?:\[[^\]]+\])?\s*
__opt_data = (?::|\s+\[[^\]]+\])
failregex = ^%(__prefix)sSMTP Server%(__opt_data)s Authentication failed for user .*? \; connecting host \[?<HOST>\]?$
            ^%(__prefix)ssmtp: (?:[^\[]+ )*\[?<HOST>\]? authentication failure using internet password\s*$
            ^%(__prefix)sSMTP Server%(__opt_data)s Connection from \[?<HOST>\]? rejected for policy reasons\.

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#

ignoreregex =