Search found 22 matches
- 03 Sep 2020, 23:57
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 28
- Views: 67475
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Can anybody assist with this? Still need to find a way to block multiple attacks on wp-login.php Have tried multiple times, but so far not working. I'm also using mod security and have enabled the mod_sec rules in CSF. Even though Mod Security is working and picking up the multiple violations, CSF i...
- 06 Jul 2020, 05:07
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 28
- Views: 67475
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Hey @ Sergio - I appreciate your help - can you try to paste the code into https://pastebin.com/
- 01 Jul 2020, 01:22
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 28
- Views: 67475
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Here is the new link for the image: will be active for 12 hours. Sergio I'm really confused. Why do you send a code that expires in 5 hrs or 12 hrs? Is it top secret? What's the problem on leaving it up for a longer ? Or if it really is very sensitive - then why not PM me with the URL ? I have not ...
- 16 Jun 2020, 22:24
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 28
- Views: 67475
Re: Blocking Wordpress Login and xmlprc attacks with LFD
@Sergio - thank you
- 14 Jun 2020, 23:18
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 28
- Views: 67475
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Nope missed that too!
I am not getting any notifications on this thread and as it was the weekend I was not checking manually.
Please can you do it again and also perhaps give a few days on the expiry?
Thanks
I am not getting any notifications on this thread and as it was the weekend I was not checking manually.
Please can you do it again and also perhaps give a few days on the expiry?
Thanks
- 13 Jun 2020, 03:50
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 28
- Views: 67475
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Hey Sergio
Thanks for your efforts - yes the blocking of IPs in this forum seems pretty harsh.
Also I never received notification of your post - so I was not able to get to this post sooner - I missed your 5hr deadline.
Could you please repost with a longer timeframe?
Heaps of thanks for your time
Thanks for your efforts - yes the blocking of IPs in this forum seems pretty harsh.
Also I never received notification of your post - so I was not able to get to this post sooner - I missed your 5hr deadline.
Could you please repost with a longer timeframe?
Heaps of thanks for your time
- 11 Jun 2020, 02:01
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 28
- Views: 67475
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Hi @sergio Thank you for your offer to assist, I appreciate that. FYI I am running Centos server 7.8 and WHM /Cpanel v86. Also running Modsec OWASP CRS v3. I also (mostly) but not always have a htaccess basic auth set up for WordPress sites (just an extra layer of security). For some reason I don't ...
- 08 Jun 2020, 23:55
- Forum: General Discussion (csf)
- Topic: Blocking Wordpress Login and xmlprc attacks with LFD
- Replies: 28
- Views: 67475
Re: Blocking Wordpress Login and xmlprc attacks with LFD
Just to comment that although this appears to be useful, it doesn't seem to work for me; I followed the instructions, then used a VPN to try to login to a wordpress site - and tried random logins 5 times to trigger the block. LFD accurately recorded the block like so: (WPLOGIN) WP Login Attack 77.zz...
- 30 May 2020, 06:17
- Forum: General Discussion (csf)
- Topic: blocking IPV6 ip addresses
- Replies: 1
- Views: 3186
blocking IPV6 ip addresses
Hello I have two related questions if you could answer, I would be very grateful; 1) I am using Mod security as well as CSV on my Apache Centos server. I have been getting some IPV6 attacks and mod security is adding them to the mod security block just fine - but how can I manually add the offending...
- 05 Apr 2017, 03:21
- Forum: General Discussion (csf)
- Topic: disable or change definition: suspicious process and excessive resource
- Replies: 2
- Views: 2522
Re: disable or change definition: suspicious process and excessive resource
Hi all I came here looking for an answer on this matter also. The "Excessive resource usage" notifications can be a bit of a nuisance if you already know about the user / program etc. So what is the best way to curtail these based on a specific user - or perhaps increase the notification t...