Custom REGEX rules for CSF.

sahostking
Junior Member
Posts: 45
Joined: 29 May 2013, 19:07
Location: Cape Town, South Africa
Contact:

Re: Custom REGEX rules for CSF.

Post by sahostking »

Use the following to block WordPress XMLRPC and WP-login attacks.

Ensure you set CUSTOM2 to apache log files and CUSTOM3 to exim rejectlog file in csf.conf

Code: Select all

# XMLRPC
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/xmlrpc\.php.*" /)) {
return ("WP XMLPRC Attack",$1,"XMLRPC","5","80,443","3600");
}

# WP-LOGINS
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/wp-login\.php.*" /)) {
return ("WP Login Attack",$1,"WPLOGIN","5","80,443","3600");
}

Post Reply