Guys.
Could someone help me with a custom regex to block failed cPanel logins?
I see quite a number of these daily.
Dropping connection from xx.xxx.xx.xx because of tcp_wrappers at cpsrvd.pl line 4191
If there are only one or two entries, then I don't worry too much, but occasionally I'll get some hacker/robot etc. that will have 30 or more attempts, quite often coming back for another go later in the day.
These I'm blocking manually.
Custom regex to block failed cpanel logins
Re: Custom regex to block failed cpanel logins
Looking at other custom regex rules, it's difficult to figure out exactly how they work.
So I copied someone else's and modified it slightly.
Would something like this do it?
if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\S+\s+Dropping connection from \[(\S+)\]/)) {
    return ("cpanel_login attack",$1,"SecmasCPANEL","1","1");
}
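Added example, not part of the original posts: a small Perl check that runs the pattern posted above against the line format quoted in the first post, then counts drops per address. The sample lines, timestamps and addresses are constructed, the real log's prefix is not shown in the thread, and `$tolerant` and `extract_ip` are hypothetical names introduced here.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern exactly as posted above: two leading tokens, address in brackets.
my $posted   = qr/^\S+\s+\S+\s+Dropping connection from \[(\S+)\]/;
# Tolerant variant (assumption): any prefix, brackets optional.
my $tolerant = qr/Dropping connection from \[?([0-9A-Fa-f:.]+)\]? because of tcp_wrappers/;

# Return the captured address, or undef when the line does not match.
sub extract_ip {
    my ($re, $line) = @_;
    return $line =~ $re ? $1 : undef;
}

# Constructed sample lines (documentation-range addresses, made-up timestamps).
my $tail = 'because of tcp_wrappers at cpsrvd.pl line 4191';
my @samples = (
    "Dropping connection from 192.0.2.10 $tail",
    "[2024-01-01 10:00:00] Dropping connection from [198.51.100.7] $tail",
    "[2024-01-01 10:00:05] Dropping connection from 198.51.100.7 $tail",
    "[2024-01-01 10:00:09] some unrelated log line",
);

# Show, line by line, which pattern captures an address.
for my $line (@samples) {
    printf "posted=%-14s tolerant=%-14s | %s\n",
        extract_ip($posted, $line)   // 'no match',
        extract_ip($tolerant, $line) // 'no match',
        $line;
}

# Count drops per address and list the heavy hitters.
my $threshold = 30;    # the "30 or more attempts" figure from the first post
my @log = (@samples, ("Dropping connection from 203.0.113.5 $tail") x 30);
my %hits;
for my $line (@log) {
    my $ip = extract_ip($tolerant, $line) // next;
    $hits{$ip}++;
}
for my $ip (sort keys %hits) {
    printf "%-15s %3d %s\n", $ip, $hits{$ip},
        $hits{$ip} >= $threshold ? 'over threshold' : 'ignore';
}
```

If the posted pattern reports no match on lines copied from the real log, compare the line's prefix and the brackets around the address first.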