GeekOnTheHill

1. Community
2. Security
3. Auto block IP address based on page visit

If you have CSF installed you can enable 404 error blocking which would accomplish what you are describing. The problem with that is that something silly like a missing image could also trigger a ...

• View comment
• GeekOnTheHill
• March 12, 2019 12:12
• 0 votes

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

I think the solution turned out to be a simple one: Just include a proper 401 page at the end of the honeypot, and then use LF_APACHE_401 and LF_APACHE_401_PERM to do the blocking. Yeah, I know t...

• View comment
• GeekOnTheHill
• March 11, 2019 21:31
• 0 votes

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

As a matter of interest, if you research the owners of IPs behaving badly I would be interested in the numbers/percentages you find that are in fact listed public proxies or owned by telcos (possib...

• View comment
• GeekOnTheHill
• March 11, 2019 00:52
• 0 votes

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

Sorry I disappeared for a while. I had a few high-priority jobs. One was especially interesting: coding a custom blog from scratch. It wasn't all that hard. It was just something I hadn't done befo...

• View comment
• GeekOnTheHill
• March 11, 2019 00:49
• 0 votes

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

As a matter of interest, if you research the owners of IPs behaving badly I would be interested in the numbers/percentages you find that are in fact listed public proxies or owned by telcos (possib...

• View comment
• GeekOnTheHill
• January 07, 2019 22:34
• 0 votes

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

I think you are misunderstanding LF_PERMBLOCK. It is a way to add a repeat temporary block offender to the csf.deny file. If LF_PERMBLOCK_COUNT temp blocks in LF_PERMBLOCK_INTERVAL period then add ...

• View comment
• GeekOnTheHill
• January 07, 2019 12:24
• 0 votes

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

). Definitely not a bad idea. These IPs are revealing to us they most likely hacked sites/servers (also likely part of a group of compromised servers with a centralized control) An IP running ...

• View comment
• GeekOnTheHill
• January 07, 2019 10:37
• 0 votes

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

@GeekOnTheHill Your mind thinks much the same as mine. Whilst the attempted login poses no threat, I still don't want them trying. Take a look at page 4 on here,

• View comment
• GeekOnTheHill
• January 04, 2019 13:12
• 0 votes

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

This might get you started: blog.pheonixsolutions.com/block-wordpress-login-attacks-csf/ Thank you. Richard

• View comment
• GeekOnTheHill
• January 04, 2019 13:11
• 0 votes

1. Community
2. Security
3. Use modsecurity / CSF to block all common cms logins?

I don't necessarily think it's a bad idea however writing and maintaining all those rules is going to consume a lot of your time including the research into specifically which files to block. Serv...

• View comment
• GeekOnTheHill
• January 04, 2019 13:09
• 0 votes