From: Kevin Z. <kev...@gm...> - 2018-01-27 18:42:15
Hi Tony,

Thanks for the report.

On 01/25/2018 08:33, Tony Zhou wrote:
> I tried to implement Wordpress login brute force protection with my
> SSHGuard 2.1.0 (2.1.0-1 from Arch Linux repo), and found that SSHGuard
> will not react to access log of attempts to wp-login.php if there is an
> argument passed to wp-login.php.
>
> I am using iTheme Security to hide my wp-login.php address, and when a
> failed login happens, the following log was captured:
>
> server nginx: my.client.ip.addr - - [25/Jan/2018:11:20:57 -0500] "POST
> /wp-login.php?itsec-hb-token=somewploginentry HTTP/2.0" 200 2159
> "https://my.server.domain.tld/wp-login.php?itsec-hb-token=somewploginentry"
> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gcko/20100101
> Firefox/58.0"

I didn't expect to see the '?' in POST requests, so the parser does not
recognize characters after 'wp-login.php' when detecting the attack.

I think I'll go ahead and add a catch-all to the regex?

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090
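The parsing gap discussed in this message, as an added example that is not part of the original thread and is not SSHGuard's parser: a strict pattern that expects nothing after `wp-login.php` is compared with one that tolerates an optional query string, over constructed nginx access-log lines. Assumptions: the names `STRICT`, `TOLERANT` and `failed_logins` are hypothetical, the client addresses are documentation-range placeholders, a 200 response to a POST on `wp-login.php` is treated as a failed login, and the tolerant pattern accepts only a `?query` suffix, which is narrower than a catch-all.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the report; the addresses
# and hostnames are placeholders, not values from the thread.
SAMPLE_LOG = '''\
server nginx: 203.0.113.7 - - [25/Jan/2018:11:20:57 -0500] "POST /wp-login.php?itsec-hb-token=somewploginentry HTTP/2.0" 200 2159 "https://example.test/wp-login.php?itsec-hb-token=somewploginentry" "Mozilla/5.0"
server nginx: 203.0.113.7 - - [25/Jan/2018:11:21:03 -0500] "POST /wp-login.php HTTP/1.1" 200 2159 "-" "Mozilla/5.0"
server nginx: 198.51.100.9 - - [25/Jan/2018:11:21:10 -0500] "POST /wp-login.php?itsec-hb-token=somewploginentry HTTP/2.0" 302 0 "-" "Mozilla/5.0"
server nginx: 198.51.100.9 - - [25/Jan/2018:11:21:15 -0500] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 1800 "-" "Mozilla/5.0"
server nginx: 192.0.2.44 - - [25/Jan/2018:11:21:20 -0500] "POST /wp-login.php.bak?x=1 HTTP/1.1" 200 10 "-" "Mozilla/5.0"
'''

# Optional syslog tag, client address, ident, user, bracketed timestamp.
PREFIX = r'^(?:\S+ nginx: )?(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '

# Strict: nothing may follow "wp-login.php" in the request target, so a
# request carrying a query string is not counted.
STRICT = re.compile(PREFIX + r'"POST /wp-login\.php HTTP/[\d.]+" 200 ')

# Tolerant: optional query string. [^\s"]* cannot cross a space or the closing
# quote, so the match stays inside the request line and never reaches the
# referer or user-agent fields.
TOLERANT = re.compile(
    PREFIX + r'"POST /wp-login\.php(?:\?[^\s"]*)? HTTP/[\d.]+" 200 ')


def failed_logins(log_text, pattern):
    """Count, per client address, the lines the pattern treats as failed logins.

    Assumption: status 200 on a POST to wp-login.php means the login failed.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = pattern.match(line)
        if m:
            hits[m.group("ip")] += 1
    return hits


if __name__ == "__main__":
    print("strict:  ", dict(failed_logins(SAMPLE_LOG, STRICT)))
    print("tolerant:", dict(failed_logins(SAMPLE_LOG, TOLERANT)))
```

The last sample line shows why the suffix is anchored to `?`: a different path that merely starts with `wp-login.php` is not counted against the client.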