Hi Sergio,
The 2nd quote is the log line from the file, I just want to detect whats in the first quote in the domlogs and then instantly ban the person trying to exploit.
Thanks for helping.
Search found 2 matches
- 07 Apr 2017, 20:47
- Forum: General Discussion (csf)
- Topic: REGEX needed to block VULN ATTACKS upload&pass=wcwc2016&login=go
- Replies: 3
- Views: 4088
- 05 Apr 2017, 13:34
- Forum: General Discussion (csf)
- Topic: REGEX needed to block VULN ATTACKS upload&pass=wcwc2016&login=go
- Replies: 3
- Views: 4088
REGEX needed to block VULN ATTACKS upload&pass=wcwc2016&login=go
In my log file I have seen someone to brute a lot of vulns, there are over 256 entries, but they only try twice for each attack, then try another vuln. However the string of "x=upload&mode=upload&upload=&ssp=RfVbHu&u=&action=upload&chdir=./&do=upload&pass=wcwc201...