cPanel with WHM on Centos 7 64bit. Latest version of CSF is running. I will check everything again and ask my hosting provider as well and let you know.
This is the correct path to my apache access log and so the entry in csf.conf is:
CUSTOM4_LOG = "/usr/local/apache2/access_log"
Have checked everything carefully and it is not trapping these events.
I have ModSecurity module installed with Vendor Tools and they are trapping these events well and adding IP's to the deny list so CSF is working well but not for these Wordpress failed logins.
.
Mar 14 07:32:58 server1 lfd[6397]: (mod_security) mod_security (id:970901) triggered by 110.147.133.59 (AU/Australia/CPE-110-147-133-59.nhl8.cht.bigpond.net.au): 10 in the last 3600 secs - *Blocked in csf* [LF_MODSEC]
Any other suggestions?
Block brute force on wordpress wp-login ?
Re: Block brute force on wordpress wp-login ?
I;m running Centos7 with cPanel.
Make sure the entries you are looking for are in the log you are scanning
My Log Dir is /usr/local/apache/domlogs/*/*
That covers domain logs for every domain
Also be sure to restart both csf and lfd.
csf -r && service lfd restart
Hope this helps.
Make sure the entries you are looking for are in the log you are scanning
My Log Dir is /usr/local/apache/domlogs/*/*
That covers domain logs for every domain
Also be sure to restart both csf and lfd.
csf -r && service lfd restart
Hope this helps.
Last edited by imbekoz on 20 Mar 2017, 14:05, edited 1 time in total.
Re: Block brute force on wordpress wp-login ?
imbekoz wrote: ↑17 Mar 2017, 18:09 I;m running Centos7 with cPanel.
Make sure the entries you are looking for are in the log you are scanning
My Log Dir is /usr/local/apache/domlogs/*/*
That covers domain logs for every domain
Also be sure to restart both csf and lfd.
csf -r && service lfd restart
Hope this helps.