Preventing brute force attack on WordPress and Joomla website
Hello,
I have used modsecurity rule list for cpanel and installed OWASP vendor through WHM. There are rules which we can turn OFF and ON. I have turned all rules ON. My question is how to turn ON brute force attack prevention mode because I do not see it in OWASP vendor rules for cpanel (
I have tried it but it didn't work. Below is what I did.
replaced following
with
restarted apache
I have tried it but it didn't work. Below is what I did.
-
]
- Go to to /usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/
- Load the file in /usr/local/apache/conf/modsec2.cpanel.conf
- open following file and edit
# vi /usr/local/apache/conf/modsec_vendor_configs/OWASP/modsecurity_crs_10_setup.conf
replaced following
SecAction "id:'900014', phase:request, nolog, pass, t:none, setvar:'tx.brute_force_protected_urls=#/login.jsp# #/partner_login.php#'', setvar:'tx.brute_force_burst_time_slice=60', setvar:'tx.brute_force_counter_threshold=10', setvar:'tx.brute_force_block_timeout=300'"
with
SecAction "id:'900014', phase:request, nolog, pass, t:none, setvar:'tx.brute_force_protected_urls=#/wp-login.php# #/administrator/index.php#'', setvar:'tx.brute_force_burst_time_slice=60', setvar:'tx.brute_force_counter_threshold=5', setvar:'tx.brute_force_block_timeout=300'"
restarted apache
-
Hello :), Can you please try to use following modsecurity rule on your server for Brute Force attack. SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:4900000 SecRule user:bf_block "@gt 0" "deny,status:401,log,severity:'2',id:4900001,msg:'Wordpress Brute Force: IP blocked for 5 minutes, more than 15 login attempts in 3 minutes'" SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136" SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137" SecRule ip:bf_counter "@gt 15" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"0
Please sign in to leave a comment.
Comments
2 comments