Information on exploit scanners

itmonitor
Junior Member
Posts: 4
Joined: 19 Aug 2015, 09:16


Post by itmonitor »

Hi,

I use a WordPress website with the plugin Visitor Maps. The plugin points out the visitors' IPs and which webpage they accessed. It is also listing exploit scanners that are looking for certain files inside the website directories, for instance:

/wp-content/themes/(theme-name)/(subfoldername)/css/loading.gif
/wp-content/plugins/newsletters-lite/css/jquery-countdown.css

There is no loading.gif in the CSS folder and, in the second case, the newsletters-lite plugin is not and has never been installed on this server. However, I noticed in other cases that those scanners tried to access files that actually exist in my website install. This poses a serious risk.

The IPs originating those accesses are not related to visitors that usually visit my website. What I am doing is manually adding those IPs to the CSF blacklist. This is time consuming and also risky because it depends on manual work that is not done at the same time the scanner tries an unauthorized access to a file.

Is there any way to configure CSF to block those scanners and/or to detect them and automatically add their IPs to the black list?

Any advice is welcome.
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: Information on exploit scanners

Post by Sergio »

You can create your own REGEX rule and add it to CSF; read: viewtopic.php?f=6&t=7517
There are some examples there on how a REGEX can be used to do this automatically.

Sergio
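
Added example, not part of the thread and not CSF's own code: a stand-alone Perl sketch of the kind of custom rule the reply refers to, modelled on the `custom_line()` function in CSF's `regex.custom.pm`, that counts 404 requests for plugins that are not installed. The log path, the Apache combined log format, the installed-plugin list, the rule id `wpprobe` and the thresholds are all assumptions; `%globlogs` is stubbed here because lfd normally fills it from `CUSTOM1_LOG` in csf.conf.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for lfd's table of watched logs (assumed path). In csf this is
# populated from the CUSTOM1_LOG setting in csf.conf.
our %globlogs = (CUSTOM1_LOG => { "/var/log/apache2/access.log" => 1 });

# Plugins actually installed on the site (constructed list). Requests for
# these never count, so a broken link in a real plugin cannot trip the rule.
my %installed = map { $_ => 1 } qw(visitor-maps akismet);

# Same calling convention as custom_line() in regex.custom.pm.
sub custom_line {
    my ($line, $lgfile) = @_;
    # Combined log format: client IP first, then request line and status.
    if ($globlogs{CUSTOM1_LOG}{$lgfile}
        and $line =~ m{^(\d+\.\d+\.\d+\.\d+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) /wp-content/plugins/([^/\s"]+)/\S* HTTP/[\d.]+" 404 }
        and !$installed{lc $2}) {
        # message, offending IP, rule id, hits before blocking,
        # ports to block, block length in seconds (temporary, not permanent)
        return ("WordPress plugin probe from", $1, "wpprobe", "5", "80,443", "3600");
    }
    return;
}

# Constructed access-log lines using documentation IP ranges.
my @sample = (
    '203.0.113.7 - - [19/Aug/2015:09:10:01 +0000] "GET /wp-content/plugins/newsletters-lite/css/jquery-countdown.css HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.20 - - [19/Aug/2015:09:10:05 +0000] "GET /wp-content/plugins/visitor-maps/style.css HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.20 - - [19/Aug/2015:09:10:09 +0000] "GET /wp-content/plugins/akismet/missing.png HTTP/1.1" 404 512 "-" "-"',
);

for my $l (@sample) {
    my @hit = custom_line($l, "/var/log/apache2/access.log");
    print @hit ? "count against $hit[1] (rule $hit[2])\n" : "ignore\n";
}
```

On a real server only the `if` block belongs inside the existing `custom_line` in `regex.custom.pm`, with the web server's access log named in `CUSTOM1_LOG`. Requiring a 404 and a trigger level above one keeps a single mistyped URL from blocking a legitimate visitor.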