hello all -
there are many times a certain page, particularly a login-page, seems to get hit hundreds (or even thousands) of times per minute. obviously this is some sort of hack attempt.
i seem to recall there was some way in CSF to space out multiple hits to the same page from the same IP number. or put another way, maybe a way to only allow one page from one particular IP every 20 seconds or something like that (sorry i am guessing here)
could somebody please refresh my memory what this setting is, and how to enable it?
thank you all very much.
repeated page requests
Re: repeated page requests
Check for CONNLIMIT in CSF configuration.
-
edwardsmarkf
- Junior Member
- Posts: 32
- Joined: 05 Oct 2013, 16:32
Re: repeated page requests
thanks sergio - my CONNLIMIT value is blank, probably the initial default.
may i ask for a recommendation as to the value it might be set to?
i am thinking 80;20 as per the documentation:
http : / / configserver(dot)com/free/csf/readme.txt
may i ask for a recommendation as to the value it might be set to?
i am thinking 80;20 as per the documentation:
http : / / configserver(dot)com/free/csf/readme.txt
Re: repeated page requests
If you are suffering of wordpress or joomla hack attempts to a login page, that setting will not help.
The connlimit what it does is to allow only 20 connections at a time at the same page, but that pesky attack cannot be stopped just with that. You have to rely on modsecurity and CSF with a regex rule to block any attempt to the login pages at the first try.
The connlimit what it does is to allow only 20 connections at a time at the same page, but that pesky attack cannot be stopped just with that. You have to rely on modsecurity and CSF with a regex rule to block any attempt to the login pages at the first try.
Re: repeated page requests
I have existing rules for both ModSecurity and CSF if you need.