fuzzylogic

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

As a matter of interest, if you research the owners of IPs behaving badly I would be interested in the numbers/percentages you find that are in fact listed public proxies or owned by telcos (possib...

• View comment
• fuzzylogic
• January 07, 2019 20:48
• 0 votes

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

I think you are misunderstanding LF_PERMBLOCK. It is a way to add a repeat temporary block offender to the csf.deny file. If LF_PERMBLOCK_COUNT temp blocks in LF_PERMBLOCK_INTERVAL period then add ...

• View comment
• fuzzylogic
• January 07, 2019 11:46
• 0 votes

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

1). Definitely not a bad idea. These IPs are revealing to us they most likely hacked sites/servers (also likely part of a group of compromised servers with a centralized control) An IP running...

• View comment
• fuzzylogic
• January 06, 2019 12:22
• 0 votes

1. Community
2. Security
3. Fail2ban for Apache Scanner

Your regex is not right. You are using * which does not work as you intend. Use .* to do that. Here is a working version of what you tried to write... failregex = [[]client :.*[]] File does not exi...

• View comment
• fuzzylogic
• December 28, 2018 04:12
• 0 votes

1. Community
2. Security
3. Advice on modsecurity response when rule is hit

I tested this on a domain on a cPanel server with "COMODO ModSecurity Apache Rule Set" as the only rule set enabled. For the first test I appended /?q="> to the https domain name (to avoid .htacce...

• View comment
• fuzzylogic
• December 16, 2018 06:25
• 0 votes

1. Community
2. Security
3. Advice on modsecurity response when rule is hit

To troubleshoot your issues I need to be able to duplicate the problem. Could you please confirm the exact name of the ruleset you are using (copy it and paste it to your reply) Copy it from the Ve...

• View comment
• fuzzylogic
• December 15, 2018 07:11
• 0 votes

1. Community
2. Security
3. Block WordPress wp-login.php attempts with CSF?

Hello @Waqass To diagnose the problem I would need to see... Which (of the 3 posted here) lfd custom regex rules you are using. Sample log lines from one of the access_log files you are monitorin...

• View comment
• fuzzylogic
• May 05, 2019 11:44
• 0 votes

1. Community
2. Security
3. OWASP mod_security breaking Wordpress page save

Hello subtopic, OWASP CRS 3.2 has 29 WordPress exclusion rules in a single .conf file. You can view/get them at this url SpiderLabs/owasp-modsecurity-crs If you choose to use one or more of them I...

• View comment
• fuzzylogic
• September 20, 2018 10:45
• 0 votes

1. Community
2. Security
3. Entries in Log File Questions

The apache access_log lines you posted are evidence that the ip address in your original post requested the whm login page. It is not evidence that they successfully logged in. See the attached scr...

• View comment
• fuzzylogic
• September 18, 2018 06:48
• 0 votes

1. Community
2. Security
3. OWASP V3 error when installing.

That error message is confusing. The response from... /usr/local/cpanel/scripts/modsec_vendor list indicates that "OWASP ModSecurity Core Rule Set V3.0" is already added but not enabled, so to the...

• View comment
• fuzzylogic
• September 09, 2018 05:05
• 0 votes