Custom Regex help plz

masterross
Junior Member
Posts: 4
Joined: 29 Jun 2020, 12:42


Post by masterross »

Hi guys!

I made a custom regex rule that worked in the beginning but now looks like it's not triggered anymore.

Here it is:

Code:

if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:POST) .*\/admin\/ HTTP.*301.*"/)) {
    return ("OC Admin attack",$1,"OC-admin-login","1","80,443","8600");
}
and in the /etc/csf/csf.conf:

Code:

CUSTOM3_LOG = "/var/log/apache2/domlogs/alabalaa/alabalaa.bg-ssl_log"
And here is the output from the log:

Code:

[07/Oct/2021:15:54:32 +0300] "POST /admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:15:54:33 +0300] "GET / HTTP/1.1" 200 44667 "https://www.alabalaa.bg/admin/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:16:11:43 +0300] "POST /admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:16:11:44 +0300] "GET / HTTP/1.1" 200 44667 "https://www.alabalaa.bg/admin/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:16:18:26 +0300] "POST /admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:16:18:26 +0300] "GET / HTTP/1.1" 200 44667 "https://www.alabalaa.bg/admin/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:16:47:50 +0300] "POST /admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:16:47:50 +0300] "GET / HTTP/1.1" 200 44666 "https://www.alabalaa.bg/admin/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:16:55:28 +0300] "POST /admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:16:55:29 +0300] "GET / HTTP/1.1" 200 44666 "https://www.alabalaa.bg/admin/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:17:00:12 +0300] "POST /admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:17:00:13 +0300] "GET / HTTP/1.1" 200 44666 "https://www.alabalaa.bg/admin/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:17:38:15 +0300] "POST /admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[07/Oct/2021:17:38:16 +0300] "GET / HTTP/1.1" 200 44666 "https://www.alabalaa.bg/admin/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
What is wrong?

Re: Custom Regex help plz

Post by masterross »

Strange, but now it is working!
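
An added example, not part of the original posts and not csf's own code: a stand-alone Perl harness that runs the posted pattern over constructed log lines, reports what $1 (the value the rule returns as the address to block) actually captures, and checks whether the log slot the rule tests appears in the posted csf.conf line. The sample lines, the documentation address 192.0.2.10 and the $strict pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern copied verbatim from the rule posted above.
my $posted = qr/(\S+).*] "\w*(?:POST) .*\/admin\/ HTTP.*301.*"/;
# Stricter variant (assumption, not from the thread): anchored at line start,
# status code pinned to the field right after the quoted request.
my $strict = qr/^(\S+) .*\] "POST \/admin\/ HTTP\/[\d.]+" 301 /;

# Log slot the posted rule tests vs. the slot set in the posted csf.conf line.
my $rule_slot = 'CUSTOM2_LOG';
my %csf_conf  = (CUSTOM3_LOG => '/var/log/apache2/domlogs/alabalaa/alabalaa.bg-ssl_log');

# Constructed sample lines; 192.0.2.10 is a documentation address.
my @samples = (
    ['client address present', '192.0.2.10 - - [07/Oct/2021:15:54:32 +0300] "POST /admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0"'],
    ['as posted, no address',  '[07/Oct/2021:15:54:32 +0300] "POST /admin/ HTTP/1.1" 301 - "-" "Mozilla/5.0"'],
    ['status 200, size 1301',  '192.0.2.10 - - [07/Oct/2021:15:54:32 +0300] "POST /admin/ HTTP/1.1" 200 1301 "-" "Mozilla/5.0"'],
    ['GET with admin referer', '192.0.2.10 - - [07/Oct/2021:15:54:33 +0300] "GET / HTTP/1.1" 200 44667 "https://www.alabalaa.bg/admin/" "Mozilla/5.0"'],
);

# Run one pattern over one line and say whether $1 looks like an address.
sub check {
    my ($re, $line) = @_;
    return 'no match' unless $line =~ $re;
    my $ip = $1;
    return $ip =~ /^(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]+)$/
        ? "match, \$1=$ip"
        : "match, but \$1=$ip is not an address";
}

print "Rule tests $rule_slot: ",
    (exists $csf_conf{$rule_slot} ? "defined as $csf_conf{$rule_slot}" : 'NOT defined in csf.conf sample'), "\n";
for my $s (@samples) {
    my ($label, $line) = @$s;
    printf "%-24s posted: %-48s strict: %s\n", $label, check($posted, $line), check($strict, $line);
}
```

With these samples the posted pattern also matches the 200 response whose size is 1301, because 301 is accepted anywhere after HTTP, and on a line that starts with the timestamp both patterns capture the timestamp fragment instead of a client address.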