Bandwidth Limit and CSF

jboulton
Junior Member
Posts: 1
Joined: 11 Sep 2016, 14:37

Bandwidth Limit and CSF

Post by jboulton »

Hello,

I've had a bot or something target one of my sites which has been eating up bandwidth. Is there something in CSF I can tweak to stop what is happening below? I can manually ban the IP; however I would like the firewall to pick this up:

82.144.222.130 - - [11/Sep/2016:06:13:14 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:14 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:15 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:15 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:15 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:16 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:16 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:16 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"

Thanks.

Jeff
Sergio
Junior Member
Posts: 1715
Joined: 12 Dec 2006, 14:56

Re: Bandwidth Limit and CSF

Post by Sergio »

If you know what log file to check, you can write a REGEX to pick the IP and block it, something like this, assuming that the IP to block is the one at the start of the log line:

^(\S+).*GET \/120\-news\/administrator\/index\.php

In the readme.txt you can read:
"Please read /usr/local/csf/bin/regex.custom.pm for more information"
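The regex from the reply above, placed in the rule shape that the comments in regex.custom.pm document and run offline against constructed log lines (an added example, not part of the original posts and not CSF's own code). The log path, rule name, trigger count of 5, port list and the counting loop that stands in for lfd are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: CUSTOM1_LOG in csf.conf points at the site's access log.
# The path below is a placeholder, not a value from the thread.
my $lgfile   = "/path/to/access_log";
my %globlogs = (CUSTOM1_LOG => { $lgfile => 1 });

# Same calling convention as custom_line() in regex.custom.pm.
sub custom_line {
    my ($line, $file) = @_;
    if (($globlogs{CUSTOM1_LOG}{$file})
        and ($line =~ /^(\S+).*GET \/120\-news\/administrator\/index\.php/)) {
        # Return list: message text, offending IP, unique rule id,
        # trigger count, ports to block, 1 = permanent block.
        # Count "5" and ports "80,443" are assumed values; tune them.
        return ("Admin page flood from", $1, "adminflood", "5", "80,443", "1");
    }
    return 0;    # no match
}

# Constructed sample lines modelled on the excerpt in the question,
# plus one unrelated request (documentation address) that must not match.
my @sample = map {
    qq{82.144.222.130 - - [11/Sep/2016:06:13:1$_ -0600] }
  . qq{"GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"}
} 4 .. 9;
push @sample, qq{198.51.100.7 - - [11/Sep/2016:06:13:20 -0600] }
            . qq{"GET /index.php HTTP/1.0" 200 512 "-" "-"};

# Simplified stand-in for lfd's per-IP counting (not lfd's actual code):
# count matches per IP and act once the rule's trigger level is reached.
my (%hits, %blocked);
for my $line (@sample) {
    my ($text, $ip, $rule, $trigger, $ports, $perm) = custom_line($line, $lgfile);
    next unless $ip;            # line did not match the rule
    next if $blocked{$ip};      # already handled
    if (++$hits{$ip} >= $trigger) {
        $blocked{$ip} = 1;
        print "$text $ip: $hits{$ip} hits, rule $rule, ",
              "would block ports $ports (", ($perm eq "1" ? "permanent" : "${perm}s"), ")\n";
    }
}
print "IPs that matched the rule: ", join(", ", sort keys %hits), "\n";
```

Only the `if` block inside `custom_line` belongs in regex.custom.pm; lfd has to be restarted to pick up a change to that file.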