Auto blocking of IPS and reporting to AbuseIPDB
Posted: 27 Jan 2022, 05:35
Hi team
I am using CSF and mod Security. I have implemented an automated reporting facility to AbuseIPDB.
It all works well - except occasionally, it sends a report to AbuseIPDB but does not block in CSF
When that happens, this is what is reported in AbuseIPDB
However, when I check in CSF deny list, there is nothing found !
How can I automatically deny these such IPS in CSF ?
I am using CSF and mod Security. I have implemented an automated reporting facility to AbuseIPDB.
It all works well - except occasionally, it sends a report to AbuseIPDB but does not block in CSF
When that happens, this is what is reported in AbuseIPDB
This is what shows in Hits List for Modsec (there are many entries similar)(CT) IP 12.345.6.789 (CA/Canada/-) found to have 190 connections;
So the IP is being reported to AbuseIPDB and listed as bad in Cloudflare and showing as abusive in Modesc.....2022-01-27 14:02:37 127.0.0.1 12.345.6.789 WARNING 400 920350: Host header is a numeric IP address Hide
Request: GET /cgi-sys/autodiscover.cgi
Action Description: Warning.
Justification: Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host.
However, when I check in CSF deny list, there is nothing found !
How can I automatically deny these such IPS in CSF ?