This would be better asked on a CSF forum. (?)
(I assume that you actually mean Apache 2.4 HTTP Server.)
The standard CSF settings are fine, if you use the recommended combined logs.
(I assume that you actually mean Apache 2.4 HTTP Server.)
The standard CSF settings are fine, if you use the recommended combined logs.
- Home /
- Service Configuration /
- Apache Configuration /
- Piped Log Configuration
Last edited by a moderator:
I try to secure login inside OpenCart.
I do not know if folder is the correct path. An example: should we use / or without,
\/admin/index\.php.
<!-- CSF/LFD to Block OpenCart Bruteforce Attacks ---->
<!-- 1. Edit the file -->
nano /usr/local/csf/bin/regex.custom.pm
<!-- Add the following code: -->
# XMLRPC
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/xmlrpc\.php.*" /)) {
return ("WP XMLPRC Attack",$1,"XMLRPC","5","80,443","1");
}
# OC-LOGINS Users
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/admin/index\.php.*" /)) {
return ("OC Login Attack",$1,"OCLOGIN","5","80,443","1");
}
# OC-LOGINS Administrator
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/admin/index\.php.*" /)) {
return ("OC Login Attack",$1,"OCLOGIN","5","80,443","1");
}
<!-- 2. Add the custom log that CSF/LFD will monitor -->
nano /etc/csf/csf.conf
I do not know if folder is the correct path. An example: should we use / or without,
\/admin/index\.php.
<!-- CSF/LFD to Block OpenCart Bruteforce Attacks ---->
<!-- 1. Edit the file -->
nano /usr/local/csf/bin/regex.custom.pm
<!-- Add the following code: -->
# XMLRPC
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/xmlrpc\.php.*" /)) {
return ("WP XMLPRC Attack",$1,"XMLRPC","5","80,443","1");
}
# OC-LOGINS Users
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/admin/index\.php.*" /)) {
return ("OC Login Attack",$1,"OCLOGIN","5","80,443","1");
}
# OC-LOGINS Administrator
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/admin/index\.php.*" /)) {
return ("OC Login Attack",$1,"OCLOGIN","5","80,443","1");
}
<!-- 2. Add the custom log that CSF/LFD will monitor -->
nano /etc/csf/csf.conf
Why not just use {HTACCESS_LOG} in the regex.custom.pm? The only reason I can think of offhand, for using a custom log, is to monitor a particular cPanel account/domain, in which case use a specific domlog.
I note that your copy/paste of the custom regex appears to be incorrect - the test for user and admin are identical. :-\
Also note that the CSF forum is likely a better venue for these questions.
I note that your copy/paste of the custom regex appears to be incorrect - the test for user and admin are identical. :-\
Also note that the CSF forum is likely a better venue for these questions.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| T | How to modify csf.conf file? | Developer Experience | 11 | |
|
CSF analogue for FreeBSD | Developer Experience | 2 | |
| M | CSF Not Blocking Port? | Developer Experience | 3 | |
| J | CSF Breaking named | Developer Experience | 2 | |
| J | Allowing all connections on a port in CSF | Developer Experience | 6 |