Rule to block or fool IP on first attempt to access specific URLs

Free Modsecurity rules - Comodo Web Application Fi
#1

Is the following possible? I have searched for the following but may have missed it. Sorry if I have.

Problem:
I have noticed a number of attempted attacks on certain items that I have not installed for example. This rule would have multiple options in it.

  • /Wordpress/wp-login.php
  • /Blog/wp-login.php
  • /myadmin/scripts/setup.php

When someone tries to connect to any of these items do one of the following for all future attempts

Option #1
Ban the IP immediately

Option #2
Do not ban the IP, but reply with a 404 Not found message for all future requests.

Thank you

#2

Hi

You can create custom login page like this:

Login: root
Password: ******
Enter your credit card number/CVV code to confirm access: ___

:P0l :P0l :P0l

Jokes aside you can get this post as base and write your rule for this task: https://forums.cpanel.net/threads/mod_security-how-to-trigger-error-page-custom-rule-for-xmlrpc-php-attack.426692/

Regards, Oleg