Search found 2 matches
- 03 Oct 2024, 19:37
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 32
- Views: 86941
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Post a log line of your ModSecurity error_log for me to check it, thanks. Sergio This is the exact rule I want it to fire on. Thu Oct 03 13:30:22.623029 2024] [security2:error] [pid 646349:tid 646389] [client ***.***.***.***:60072] [client ***.***.***.***] ModSecurity: Access denied with code 403 (...
- 03 Oct 2024, 06:59
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 32
- Views: 86941
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Here is the rule that I use to block at the first byte some ModSecurity rules: # BLOCKING ModSec Rules attacks if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\.\d+\s+\S+\] \[:error\] \[pid \d+.*\] \[client \S+\] \[client (\S+)\] ModSecurity.*\[id "(210280|210350|2...