Good morning.
One of my cPanel servers hosts only a few domains owned by the same client, none of which use a CMS. All of the sites are hand-coded in PHP.
We get an absurd number of requests on non-existent default CMS login pages (wp-login.php, for example). I have to assume that they're all malicious, so I'd like to use modsecurity and CSF to temp block every IP address that attempts to access those pages even once. There's no legitimate reason why anyone would be trying to access them, and we have no plans to ever implement a CMS on this server; so I figure I may as well block them at the firewall.
First question: Is this a bad idea?
Second question: If it's not a bad idea, which pages should I block? I personally don't use CMSs except for one WP installation on another server, so I really have little knowledge of them other than that WordPress seems to be the most popular.
Third question: Assuming this isn't a horrid idea, any suggestions for the rule itself would be appreciated. I have little experience or familiarity with writing custom rules, so I'd rather ask than break something.
Thanks,
Richard
One of my cPanel servers hosts only a few domains owned by the same client, none of which use a CMS. All of the sites are hand-coded in PHP.
We get an absurd number of requests on non-existent default CMS login pages (wp-login.php, for example). I have to assume that they're all malicious, so I'd like to use modsecurity and CSF to temp block every IP address that attempts to access those pages even once. There's no legitimate reason why anyone would be trying to access them, and we have no plans to ever implement a CMS on this server; so I figure I may as well block them at the firewall.
First question: Is this a bad idea?
Second question: If it's not a bad idea, which pages should I block? I personally don't use CMSs except for one WP installation on another server, so I really have little knowledge of them other than that WordPress seems to be the most popular.
Third question: Assuming this isn't a horrid idea, any suggestions for the rule itself would be appreciated. I have little experience or familiarity with writing custom rules, so I'd rather ask than break something.
Thanks,
Richard