Bandwidth Limit and CSF

Posted: 11 Sep 2016, 14:51
by jboulton
Hello,

I've had a bot or something target one of my sites which has been eating up bandwidth. Is there something in CSF I can tweak to stop what is happening below? I can manually ban the IP; however I would like the firewall to pick this up:

82.144.222.130 - - [11/Sep/2016:06:13:14 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:14 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:15 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:15 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:15 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:16 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:16 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"
82.144.222.130 - - [11/Sep/2016:06:13:16 -0600] "GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"

Thanks.

Jeff

Re: Bandwidth Limit and CSF

Posted: 11 Sep 2016, 15:10
by Sergio
If you know what log file to check, you can write a REGEX to pick the IP and block it, something like this, assuming that the IP to block is the one at the start of the log line:

^(\S+).*GET \/120\-news\/administrator\/index\.php

In the readme.txt you can read:
"Please read /usr/local/csf/bin/regex.custom.pm for more information"
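
One way to check the pattern from the reply above against the log lines in the first post before using it, as an added example that is not part of the original thread or of CSF. The trigger count, the time window and the two 192.0.2.x lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Pattern from the reply above, unchanged: group 1 is the client IP.
PATTERN = re.compile(r"^(\S+).*GET \/120\-news\/administrator\/index\.php")
# Timestamp field of the access log, e.g. [11/Sep/2016:06:13:14 -0600]
TIMESTAMP = re.compile(r"\[([^\]]+)\]")

# Assumed values for illustration, not CSF defaults.
TRIGGER = 5                       # matching requests needed before flagging
WINDOW = timedelta(seconds=60)    # period in which they must occur


def offenders(lines, trigger=TRIGGER, window=WINDOW):
    """Return {ip: time the trigger count was reached} for matching IPs."""
    recent = defaultdict(deque)   # ip -> timestamps of matches inside the window
    flagged = {}
    for line in lines:
        hit = PATTERN.search(line)
        stamp = TIMESTAMP.search(line)
        if not hit or not stamp:
            continue              # other URLs and unparseable lines are ignored
        ip = hit.group(1)
        when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
        times = recent[ip]
        times.append(when)
        while when - times[0] > window:   # drop matches older than the window
            times.popleft()
        if len(times) >= trigger and ip not in flagged:
            flagged[ip] = when
    return flagged


# The eight log lines from the first post, rebuilt from their seconds field,
# followed by two constructed lines from documentation addresses.
HIT = (
    '82.144.222.130 - - [11/Sep/2016:06:13:%02d -0600] '
    '"GET /120-news/administrator/index.php HTTP/1.0" 500 7309 "-" "-"'
)
SAMPLE = [HIT % s for s in (14, 14, 15, 15, 15, 16, 16, 16)] + [
    '192.0.2.10 - - [11/Sep/2016:06:13:15 -0600] "GET /120-news/index.php HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.11 - - [11/Sep/2016:06:13:17 -0600] "GET /120-news/administrator/index.php HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE).items():
        print(f"{ip} reached {TRIGGER} matches at {when.isoformat()}")
```

The single request from 192.0.2.11 matches the pattern but stays below the trigger count, which is why a count threshold matters when the same URL is also used by a legitimate administrator.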