|
|
|
|
|
|
by ryanlol
2695 days ago
|
|
|
If you're using regex to parse attacker controlled files I'm not entirely sure if you're in control. Many unexpected things can happen, as a simple example SSH can generate log entries like this Jan 30 17:37:04 server sshd[26695]: Invalid user root from 127.0.0.1 from 10.0.0.1
The default rules can deal with this specific example, but this is certainly a path I wouldn't want to go down myself. |
|
|