[Centos 8 | Csf v14.04] No blocking and no logging
Posted: 23 Jul 2020, 08:10
Hello,
ENV: CentOS 8, CSF 14.04, iptables enabled.
I have tried to block a spammer who installed a cron script that fills my server's log files every ten and every eleven minutes with the following:
Code:
FQDN/login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffriends.png
FQDN/login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffind.png
Instead of using modsecurity, I attempted to block with regex.custom.pm and configured some rules with multiple variants. I found that blocking and logging did not work.
Code:
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^.*\[client (\S+):\d+\].*(friends|add|find|secretary|scan|drifter|chat).png/)) {
    return ("BlockBuckety5en",$1,"BlockBuckety5en","1","","604800");
}
The above regex should work and block the spammer as well as put his IP in csf.deny. It does not work.
In csf.deny, only "lfd: *Port Scan* detected from" entries are logged. Nothing else. This means that CSF with iptables did not work. Or am I missing something?
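One way to check a rule like this outside lfd, as an added example that is not part of the original post or of CSF: the script wraps the posted condition in a sub and runs it over two constructed log lines, one in Apache error-log style and one in access-log style. The log paths, the sample lines and the `%globlogs` stand-in are assumptions.

```perl
#!/usr/bin/perl
# Offline harness for the rule in the post (added example, not CSF code).
use strict;
use warnings;

# Stand-in for lfd's table of watched custom logs; the path is an assumption.
my $watched  = "/var/log/httpd/error_log";
my %globlogs = (CUSTOM1_LOG => { $watched => 1 });

# The condition and return list from the post, wrapped in a sub.
sub custom_line {
    my ($line, $lgfile) = @_;
    if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^.*\[client (\S+):\d+\].*(friends|add|find|secretary|scan|drifter|chat).png/)) {
        return ("BlockBuckety5en",$1,"BlockBuckety5en","1","","604800");
    }
    return;    # empty list: no match
}

# Constructed sample lines; 192.0.2.10 is a documentation address.
my %samples = (
    "error-log style"  => '[Thu Jul 23 08:10:01.123456 2020] [core:error] [pid 1234] [client 192.0.2.10:51234] request failed: GET /login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffriends.png HTTP/1.1',
    "access-log style" => '192.0.2.10 - - [23/Jul/2020:08:10:01 +0200] "GET /login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffind.png HTTP/1.1" 404 196',
);

for my $name (sort keys %samples) {
    my @hit = custom_line($samples{$name}, $watched);
    printf "%-17s in %s: %s\n", $name, $watched, @hit ? "match, ip=$hit[1]" : "no match";
}

# Same error-log line, but read from a file that is not listed as CUSTOM1_LOG.
my @hit = custom_line($samples{"error-log style"}, "/var/log/httpd/access_log");
print "error-log style in unlisted file: ", (@hit ? "match" : "no match"), "\n";
```

Replacing the constructed lines with real lines copied from the log that lfd is watching shows whether the pattern or the `CUSTOM1_LOG` guard is what prevents the rule from firing.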