I'm working to block IP's that flood wp-login.php attempts by using CSF regex.custom.pm
in the /etc/csf/csf.conf I modified the line CUSTOM2_LOG =
I restarted csf with csf -r then tried accessing a wordpress site wp-login.php more than 5 times. I still get to the wp-login.php on the website and DO NOT see any entry in /etc/csf/csf.deny file.
I DO see 12 failed attempts in my /home/user/access-logs/domain-ssl_log file
I made sure my IP is not in /etc/csf/csf.allow
Has anyone been able to get this to work?
Code:
# DETECT AND BLOCK wp-login.php POST DOS attacks (requires: CUSTOM2_LOG = "/home/*/access-logs/*" in csf.conf)
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
return ("Failed Wordpress login from",$1,"wordpress","5","80,443","3600");
}
Code:
CUSTOM2_LOG = "/home/*/access-logs/*"
I DO see 12 failed attempts in my /home/user/access-logs/domain-ssl_log file
I made sure my IP is not in /etc/csf/csf.allow
Has anyone been able to get this to work?