
Last active September 24, 2020 20:23
# This script helps mitigate wp-login and xmlrpc attacks on servers that do not use the Imunify ModSecurity rules; if your server uses them, you do not need to install it.
# This is the first version, and we will keep working on it.
#######################################
# Install a custom CSF/lfd regex file and point lfd at the Apache domlogs.
# As shown: move the old regex.custom aside, download a replacement, append a
# CUSTOM49_LOG setting to /etc/csf/csf.conf, check that it is present, then
# restart lfd and reload csf.
# Must run with enough privilege to write /usr/local/csf/bin/ and /etc/csf/.
# NOTE(review): this listing looks truncated. The file names and download URL
# are missing, as are the `then`/`else`/`fi` keywords and the closing `}`.
# Restore them from the original script before running.
# Arguments: none
# Outputs:   status messages on stdout
#######################################
run() {
# Move the old regex.custom aside before it is replaced.
# NOTE(review): as shown, source and destination are the same directory, so no
# backup is made. The file names were presumably lost from this listing.
mv /usr/local/csf/bin/ /usr/local/csf/bin/
# Download the custom regex.custom.
# NOTE(review): the URL is missing here. The target is presumably a file that
# lfd loads as code. Confirm this, fetch it over HTTPS from a pinned source, and
# compare it against a known checksum before moving it into place.
# --quiet hides errors and the exit status is not checked. wget -O also
# truncates the target even when the download fails.
wget --quiet -O /usr/local/csf/bin/
# Add the log-path setting to csf.conf, after each line matching "DEBUG =".
# NOTE(review): -i edits in place with no backup copy, and re-running the
# script appends a duplicate line. Stock csf.conf appears to document only
# CUSTOM1_LOG..CUSTOM9_LOG. Confirm that lfd honours the name CUSTOM49_LOG.
sed -i '/DEBUG =/ a CUSTOM49_LOG = "/var/log/apache2/domlogs/*/*"' /etc/csf/csf.conf
# Check that a CUSTOM49_LOG line is now present in csf.conf. This tests only
# presence, not position, and the matching line is printed to stdout.
egrep "CUSTOM49_LOG =".*"" /etc/csf/csf.conf
# $? is the egrep exit status: 0 means the setting was found.
# The two messages below are presumably the success and failure branches.
if [ $? -eq 0 ]
echo "csf.conf was received the right configuration"
echo "Sorry, csf.conf is not configured yet, please proceed doing this configuration manually"
# Restart lfd, then reload the csf rules if the restart succeeded.
# The redirection applies only to `csf -r`.
service lfd restart && csf -r >/dev/null 2>&1
# NOTE(review): this message is printed whether or not the restart succeeded.
echo -e "csf and lfd was restarted"
# Tell the operator where detections will appear. The backslashes inside the
# double quotes are printed literally.
echo "the configuration was finished, all events now of bruteforce attacks on wp-login and XMLRPC should be find on var\/log\/lfd.log"
echo "example -> \(WPLOGIN\) WP Login Attack 77.zzz.zzz.13 (-) 10 in the last 3600 secs - Blocked in csf port=80"