* minor tune in ssh.preg

* filters/ssh.preg : fix
* filters/ssh.preg
3 changed files with 6 additions and 0 deletions
--- a/filters/nginx-bots.pcre
+++ b/filters/nginx-bots.pcre
@ -5,7 +5,9 @@
 <HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+Ringing\.at\.your\.dorbell
 <HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/.*(wget|curl)(\\x|%)20https?://
 <HOST> .* "(GET|HEAD|POST) .*/bin/(ba|c|z)?sh( |\\x20|%20)-c
+<HOST> .* "(GET|HEAD|POST) .*XDEBUG_SESSION_START=phpstorm
 <HOST> .* "(\\x[0-9a-z]{2,6})+" 400
+<HOST> .* (\\x[0]{2,6}){2,}.* 400
 # set: defscore=10
 # phpmyadmin and variations
 <HOST> .* "(GET|HEAD|POST) (https?://[0-9a-z.-]+)?(:[0-9]*)?/+(php|sqlite)-?(manager)?
--- a/filters/pptpd.preg
+++ b/filters/pptpd.preg
@ -0,0 +1,2 @@
+# set: defscore=1
+pptpd.* CTRL: Client <HOST> control connection started
--- a/filters/ssh.preg
+++ b/filters/ssh.preg
@ -15,3 +15,5 @@ Invalid user [[:print:]]+ from <HOST>
 refused connect from [[:print:]]+ \(<HOST>\)
 Did not receive identification string from <HOST>
 Connection closed by <HOST>( port [0-9]+)? \[preauth\]
+Connection closed by authenticating user [[:print:]]+ <HOST> port [0-9]+ \[preauth\]
+banner exchange: Connection from <HOST> port [0-9]+: invalid format
Author	SHA1	Message	Date
Alex 'AdUser' Z	5ee1ab4c74	* minor tune in ssh.preg	7 months ago
Alex 'AdUser' Z	98bea0f873	* filters/ssh.preg : fix	11 months ago
Alex 'AdUser' Z	ee282f730b	* filters/ssh.preg	11 months ago
Alex 'AdUser' Z	10a11edc82	+ filters/pptpd.preg	11 months ago
Alex 'AdUser' Z	9f413a957a	* nginx-bots	11 months ago