Code: Select all
# Block Bad Zoneminder logins from apache2 error log. These are case insensitive (note the i after the regex).
if (($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /^.*\[client\s(\d+\.\d+\.\d+\.\d+):.*?].*ERR.*\[could not retrieve user.*?]/i)) {
return ("Failed ZoneMinder Login (user not found)",$1,"zmnouser","1","80","1","0");
}
if (($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /^.*\[client\s(\d+\.\d+\.\d+\.\d+):.*?].*ERR.*\[login denied for user.*?]/i)) {
return ("Failed ZoneMinder Login (BAD PASSWORD)",$1,"zmbadpass","1","80","1","0");
}