CrowdSec - Wordpress Login & XML RPC Scenario
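type: leaky
format: 2.0
#debug: true
name: belphemur/http-wordpress-login-xmlrpc
description: "Detect attempt to access to wp-login and xmlrpc"
# Only POST requests to wp-login.php or xmlrpc.php from HTTP access logs feed the bucket
filter: "evt.Meta.log_type == 'http_access-log' && (evt.Parsed.file_name == 'wp-login.php' || evt.Parsed.file_name == 'xmlrpc.php') && evt.Parsed.verb == 'POST'"
# One bucket per source IP
groupby: "evt.Meta.source_ip"
#distinct: evt.Parsed.request
# The bucket overflows when it would hold more than 4 events
capacity: 4
# One event leaks out of the bucket every 2 minutes
leakspeed: 2m
# After an overflow, repeated overflows for the same source IP are silenced for 5 minutes
blackhole: 5m
labels:
  service: http
  type: bruteforce
  # Marks the resulting alert as eligible for a remediation decision
  remediation: true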
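
The scenario's filter, grouping and bucket arithmetic replayed over constructed events, to show which request rates trip it. This is an added example, not part of the gist and not CrowdSec's own code: it is a simplified model (continuous drain, bucket emptied on overflow), and the event dictionaries, helper names and sample IPs are assumptions.

```python
from collections import defaultdict

# Values copied from the scenario above.
CAPACITY = 4
LEAKSPEED = 120.0   # 2m: seconds for one event to leak out
BLACKHOLE = 300.0   # 5m: seconds during which repeat overflows are silenced
TARGETS = {"wp-login.php", "xmlrpc.php"}

def matches(evt):
    """Mirror of the scenario's filter expression."""
    return (evt["log_type"] == "http_access-log"
            and evt["file_name"] in TARGETS
            and evt["verb"] == "POST")

def simulate(events):
    """Return [(timestamp, source_ip)] for each alert this model raises.

    Simplified model (assumption): the level drains continuously at one event
    per LEAKSPEED; an event that would push it above CAPACITY overflows.
    """
    state = defaultdict(lambda: {"level": 0.0, "last": 0.0, "quiet_until": -1.0})
    alerts = []
    for ts, evt in sorted(events, key=lambda e: e[0]):
        if not matches(evt):
            continue
        b = state[evt["source_ip"]]              # groupby: evt.Meta.source_ip
        b["level"] = max(0.0, b["level"] - (ts - b["last"]) / LEAKSPEED)
        b["last"] = ts
        if b["level"] + 1 > CAPACITY:
            if ts >= b["quiet_until"]:           # blackhole suppresses repeats
                alerts.append((ts, evt["source_ip"]))
                b["quiet_until"] = ts + BLACKHOLE
            b["level"] = 0.0                     # assumption: bucket restarts empty
        else:
            b["level"] += 1
    return alerts

def post(ts, ip, file_name="wp-login.php", verb="POST"):  # hypothetical helper
    return (ts, {"log_type": "http_access-log", "source_ip": ip,
                 "file_name": file_name, "verb": verb})

# Constructed sample traffic (documentation IP ranges), not real logs.
FAST = [post(t, "203.0.113.7") for t in range(0, 50, 10)]          # 5 POSTs in 40 s
SLOW = [post(t, "198.51.100.9", "xmlrpc.php") for t in range(0, 1500, 150)]
GETS = [post(t, "192.0.2.4", verb="GET") for t in range(20)]       # fails the filter
REPEAT = FAST + [post(t, "203.0.113.7") for t in range(60, 110, 10)]

if __name__ == "__main__":
    print(simulate(FAST + SLOW + GETS))
```

A client that spaces POSTs more than `leakspeed` apart, like `SLOW` here, never fills the bucket, so this scenario only catches bursts from a single IP.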