Skip to content

Commit e9a5330

Browse files
committed
Update regex.custom.pm
1 parent 0b8d8ef commit e9a5330

File tree

1 file changed

+14
-0
lines changed

1 file changed

+14
-0
lines changed

regex.custom.pm

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -162,6 +162,20 @@ sub custom_line {
162162
return ("Dot directory Honeypot Trap",$1,"nginx_404","2","80,443","86400","0");
163163
}
164164

165+
# /var/log/virtualmin/*_access_log
166+
# Accessing the server by Invalid Hostname (IP)
167+
# (Default: 10 errors bans for 24 hours)
168+
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+) -.*[GET|POST|HEAD].*(\s410\s)/)) {
169+
return ("Invalid Hostname Honeypot Trap",$1,"nginx_410","10","80,443","86400","0");
170+
}
171+
172+
# /var/log/nginx/access.log
173+
# Accessing the server by Invalid Hostname (IP)
174+
# (Default: 10 errors bans for 24 hours)
175+
if (($globlogs{CUSTOM3_LOG}{$lgfile}) and ($line =~ /(\S+) -.*[GET|POST|HEAD].*(\s410\s)/)) {
176+
return ("Invalid Hostname Honeypot Trap",$1,"nginx_410","10","80,443","86400","0");
177+
}
178+
165179
# Source: https://www.digitalflare.co.uk/blog/view/blocking-wp-login-and-xmlrpc-brute-force-attacks-with-csf-cpanel/
166180
# WordPress XMLRPC
167181
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+) -.*[GET|POST].*(xmlrpc.php)/)) {

0 commit comments

Comments
 (0)