[Centos 8 | Csf v14.04] No blocking and no logging

Post Reply
AdminWonder
Junior Member
Posts: 19
Joined: 25 Feb 2014, 16:26

[Centos 8 | Csf v14.04] No blocking and no logging

Post by AdminWonder »

Hello,

ENV: Centos 8, Csf 14.04, iptables enable.

I have tried to block a spammer, who installed a cron script to populate every ten and every eleven minutes in logfiles of my server with following:

Code: Select all

FQDN/login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffriends.png
FQDN/login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffind.png
Instead of using modsecurity, I attempted to block with regex.custom.pm and configured some rules with multiple variants. I found that blocking and logging did not work.

Code: Select all

	if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^.*\[client (\S+):\d+\].*(friends|add|find|secretary|scan|drifter|chat).png/)) {
		return ("BlockBuckety5en",$1,"BlockBuckety5en","1","","604800");
	}
The above regex should work and block the spammer as well as put his ip in csf.deny. It does not work.

In csf.deny, only lfd: *Port Scan* detected from are logged in. Nothing else. This means that Csf with iptables did not work. Or am I missing something?
Top
Post Reply

Return to “General Discussion (csf)”