Stop POST attack...

Post Reply
FikseSTS
Junior Member
Posts: 1
Joined: 09 Mar 2014, 04:54

Stop POST attack...

Post by FikseSTS »

Can CSF be setup to block a HTTP post attack? We are getting tons of these requests:

178.239.58.59 - - [08/Mar/2014:23:50:16 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 20531 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
93.174.93.102 - - [08/Mar/2014:23:50:16 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 19918 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.64.177 - - [08/Mar/2014:23:50:17 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 19918 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
94.102.51.10 - - [08/Mar/2014:23:50:17 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 19918 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
80.82.64.177 - - [08/Mar/2014:23:50:17 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 19918 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
93.174.93.102 - - [08/Mar/2014:23:50:17 -0500] "POST /wordpress/xmlrpc.php HTTP/1.0" 404 19918 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

we can block the IP's manually but would like CSF to detect these attacks and block the IP's that are repeatedly hammering the server...

thanks!
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: Stop POST attack...

Post by Sergio »

You can do what you want creating a REGEX rule that you can set in regex.custom.pm, check the read.me file for instructions.
Post Reply