mod-security-users

[mod-security-users] How to block ip addresses which always hack my website

[wai p. <wai...@gm...>]

I would like to block IP Address that visited 404 pages more than 10 times
in a minute.
Please tell me how can I write rule???

Re: [mod-security-users] How to block ip addresses which always hack my website

[Reindl H. <h.r...@th...>]

Am 30.08.19 um 08:02 schrieb wai phyo:
> I would like to block IP Address that visited 404 pages more than 10
> times in a minute.
> Please tell me how can I write rule???

when your site get hacked repeatly seek the problem and fix it

ten 404 requests per minute is for sure not a sign of hacking and such
rule won't achieve anything the f**k off legit clients behind a
carrier-grade NAT which are growing

Re: [mod-security-users] How to block ip addresses which always hack my website

[Ervin H. <ai...@gm...>]

Hi,

On Fri, Aug 30, 2019 at 12:32:14PM +0630, wai phyo wrote:
> I would like to block IP Address that visited 404 pages more than 10 times
> in a minute.
> Please tell me how can I write rule???

I'm not sure that I'ld do it with ModSecurity - if you really want to
build a mechanism to listen the 404 answer code, then it would be
better to catch it before the higher layer.

I mean, you can use an IDS, for example fail2ban[1], which checks
the http log, and if an IP triggers x+1 HTTP 404 in k+1 minute,
then it will be blocked until z+1 minute - on L3.



a.

[1] https://github.com/fail2ban/fail2ban

Re: [mod-security-users] How to block ip addresses which always hack my website

[Christian V. <cv...@it...>]

If you want to block just that ip l, you can use iptables for that.

If you want to block any ip that modsecurity detect like an attack, I
recommend you to install fail2ban and configure it with modsecurity

Cheers.

El vie., 30 de ago. de 2019 08:04, wai phyo <wai...@gm...>
escribió:

> I would like to block IP Address that visited 404 pages more than 10 times
> in a minute.
> Please tell me how can I write rule???
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>