Hello,
I’ve just installed the lastest version of your rules for litespeed (1.12) and am running the lastest stable versin of litespeed. For the moment I just wanted to block Wordpress and Joomla brute force attacks so I only enabled the brute force group and I also enabled the bot group.
However wp-login.php files and administrartor/index.php’s are both getting hit hard at the momenet and mod security is only reporting a few bots being stopped.
Should brute force work on litespeed ?
If not how can I implement a custom rule at least for Wordpress, something like this :
# Wordpress Brute Force Protection
#
SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:1234123456
<Location /wp-login.php>
SecRule user:bf_block "@gt 0" "deny,status:401,log,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 #minutes.',id:1234123457"
SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:1234123458"
SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:1234123459"
SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</location>
?
Thanks !