Brute Force Attacks on WordPress Login with Multiple IP Addresses

I’ve got the Comodo ModSecurity Litespeed Rule Set as a vendor in WHM/cPanel v. 58 build 19 with updates “on”, and I’m also running the Login Security Solutions WordPress plugin. Over the last week or so, I’m seeing alerts from Login Security Solutions about brute force attacks that the Comodo rules are allowing. It turns out the attacks use the same username, but don’t use the same IP address more than once or twice. Should the current Comodo WAF rules prevent such attacks and it’s just not working, or are they not blocked?

Current bruteforce protection is IP- and time-based, so it is designed to report bruteforce attacks from a single IP during a certain time period.

Thanks, that’s what I wanted to know.

I don’t know if it’s even possible with ModSecurity, but is there a place I can request username-based brute force protection be added to future rule sets?

Sure, “wishlist” at your service:

Thanks! I have posted to the wishlist here.
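
The gap discussed in this thread, shown as an added example that is not part of the original posts or of the Comodo rule set: the same failed-login events counted per source IP and per username. The event format, window, threshold and function names are assumptions for illustration, and the log data is constructed.

```python
from collections import defaultdict, deque

# Constructed sample data: failed wp-login.php attempts as
# (epoch_seconds, source_ip, username), using documentation IP ranges.
# Twelve attempts on "admin", each from a different IP ...
FAILED_LOGINS = [(1000 + 5 * i, f"203.0.113.{10 + i}", "admin") for i in range(12)]
# ... plus one single IP trying six different usernames.
FAILED_LOGINS += [(2000 + i, "198.51.100.7", f"user{i}") for i in range(6)]

WINDOW_SECONDS = 300  # assumed sliding window
THRESHOLD = 5         # assumed number of failures tolerated per window


def flag_bruteforce(events, key_index, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return the keys (IPs or usernames) that exceed `threshold`
    failures inside any sliding window of `window` seconds."""
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    flagged = set()
    for event in sorted(events):  # process in time order
        ts, key = event[0], event[key_index]
        stamps = recent[key]
        stamps.append(ts)
        # Drop failures that have aged out of the window.
        while stamps and ts - stamps[0] > window:
            stamps.popleft()
        if len(stamps) > threshold:
            flagged.add(key)
    return flagged


def flag_by_ip(events):
    """IP- and time-based counting, the approach described in the reply."""
    return flag_bruteforce(events, key_index=1)


def flag_by_username(events):
    """Username- and time-based counting, the approach requested."""
    return flag_bruteforce(events, key_index=2)


if __name__ == "__main__":
    print("flagged by IP:      ", sorted(flag_by_ip(FAILED_LOGINS)))
    print("flagged by username:", sorted(flag_by_username(FAILED_LOGINS)))
```

Throttling by username lets anyone who knows the name lock out its real owner, so a delay or challenge is a safer response than a hard block.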