block ips with custom regex from downloaded list
Posted: 21 Oct 2020, 06:21
hi all,
I have wordpress on two web server nodes behind a loadbalancer server. and I log "failed login IPs" on web nodes in a file in order to use this custom regex on it:
this works on both servers. But I figured out this is not what I need to do to block those IPs. Shame. I needed to log those IPs on the loadbalancer, so I wrote this script and add it to cronjob to run every minute:
Then I add the same regex to loadbalance with the new log path. But It's not working. I don't know how csf and lfd reads those logs but the only difference between web nodes and loadbalancer is that on web nodes, the log file is being written line by line. But on loadbalancer the log file is being written at once and gets replaced every minute. Can you help me?
I have wordpress on two web server nodes behind a loadbalancer server. and I log "failed login IPs" on web nodes in a file in order to use this custom regex on it:
Code: Select all
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^(\d+\.\d+\.\d+\.\d+)/)) {
return ("Failed Wordpress login from",$1,"wordpresslogin","5","80,443","3600","0");
}
Code: Select all
#!/bin/bash
WEB1_IP="X.X.X.X"
WEB2_IP="Y.Y.Y.Y"
LOG_URL="/login_logs.txt"
LOG_PATH="/home/login_logs.txt"
wget -q -O - "$WEB1_IP""$LOG_URL" | tail -n+2 > "$LOG_PATH"
wget -q -O - "$WEB2_IP""$LOG_URL" | tail -n+2 >> "$LOG_PATH"