Adding a custom service to cPhulkd
Hello,
I've been facing a huge wave of brute force attempts to WordPress logins lately and poking with a more robust solution for blocking it.
I have a custom rule in apache that's able to 401 an IP that has 'x' failed logins attempts. But lately, that's not being enough. I believe with the help of infected machines I'm getting waves after waves of thousands of different IPs and just for apache to process the rules it's costing loads of CPU. So, firewall them out is obviously necessary.
I know that there are tools like fail2ban that can scan apache log files and automatically block IPs or I could use my own script that I've written for that. However, cPhulkd has a wonderfull way of managing it's own iptables rules, white/black list, expiring blocks, etc.
So, here's my question: Is it possible to add custom services, or rules, etc, to cPhulkd to monitor? If it's not, then here's a new feature request ;)
Thanks,
Antonio.
-
I have a custom rule in apache that's able to 401 an IP that has 'x' failed logins attempts.
CSF offers this fuctionality as well.0 -
It's not supported at this time
Ok, thanks a bunch. But just out of curiosity, there isn't a workaround with cphulk? Like, inserting a log line in systemd that it would recognize or inserting rows in that cphulk mysql database, etc? How does cphulk actually works? Does it monitors log files, etc? The idea of using a third party tool doesn't sound much attractive.0 -
Hello @locador, cPHulk isn't designed to support the monitoring of custom services, so there are no feasible workarounds to implement that functionality. It's not checking for log file entries, but rather monitoring login attempts at the Thank you. 0
Please sign in to leave a comment.
Comments
4 comments