Add userdomain to denyrule

Post Reply
Paarsch
Junior Member
Posts: 5
Joined: 05 Apr 2017, 11:00

Add userdomain to denyrule

Post by Paarsch »

Hello!

I am trying to setup CSF on my VPS and love how powerful and versatile it is. I have been able to customize it a bit for my applications (Auto-bans, Wordpress logins, etc.), and it has been stopping a lot of naughty traffic thus far.

Although it is stopping all of these break in attempts, i am curious which users (or domains) generate the most hacking attempts. Would it be possible to mention the userdomain in the comment of the denyrule in deny.csf? Sometimes we have a false positive, cause users use incorrect credentials. Then we first have to ask the user to figure out what their WAN address is, and not every user is that tech-savvy. Or they reply with their internal IP (192.18.1.1). Anyway, getting of off-topic here.

For instance these rules:
AA.BB.CC.DD # lfd: (smtpauth) Failed SMTP AUTH login from AA.BB.CC.DD (US/United States/ISP): 5 in the last 3600 secs - Thu Mar 23 08:44:12 2017
11.22.33.44 # lfd: (XMLRPC) LFD - WP XMLPRC Attack 11.22.33.44 (IE/Ireland/ISP): 15 in the last 3600 secs - Thu Mar 23 09:17:13 2017

I would like to see which domain generated this error like this:
AA.BB.CC.DD # lfd: (smtpauth) Failed SMTP AUTH login from AA.BB.CC.DD (US/United States/ISP): 5 in the last 3600 secs - domainA.com - Thu Mar 23 08:44:12 2017
11.22.33.44 # lfd: (XMLRPC) LFD - WP XMLPRC Attack 11.22.33.44 (IE/Ireland/ISP): 15 in the last 3600 secs - domainB.eu - Thu Mar 23 09:17:13 2017

Would that be possible? If yes, how?

Kind regards,

John.
Paarsch
Junior Member
Posts: 5
Joined: 05 Apr 2017, 11:00

Re: Add userdomain to denyrule

Post by Paarsch »

Alas, i was hoping someone could give me a nudge in the right direction, but it seems no one wants to go near this :P

Was it something i said? :D
Sergio
Junior Member
Posts: 1715
Joined: 12 Dec 2006, 14:56

Re: Add userdomain to denyrule

Post by Sergio »

You should post this on the "Suggestions (csf)" forum, is a good suggestion..
Post Reply