Block probers

david5372
Junior Member
Posts: 11
Joined: 29 May 2014, 16:13
Location: Maine, USA

Post by david5372 »

One class of malicious user/uncooperative person is the prober. This is the source of most traffic on my websites, and consists of trying to find weaknesses to exploit.

Typical accesses are to files and directories with names like these:

wp-login.php, wordpress, wp-includes, PMA2017, admin, mysql, db, database, phpmyadmin, program, myadmin...
Why can't csf add an option to look for sequences of n or more such accesses from the same IP and then temporarily block that IP? The lookup would be quick using a hashtable, and temporary blocking is already implemented. I could see such a feature requiring no more than an hour for actual implementation.
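The check described in the post above, sketched as an added example (not part of the original post and not csf/lfd code): a hash table keyed by IP counts requests for probe names inside a sliding time window. The `threshold` and `window` parameters, the combined access-log format, and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Probe names taken from the post; drop any that your site legitimately serves.
PROBE_NAMES = {"wp-login.php", "wordpress", "wp-includes", "pma2017", "admin",
               "mysql", "db", "database", "phpmyadmin", "program", "myadmin"}
# Assumed "combined" access-log layout: client IP, [timestamp], "METHOD path ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)')

def is_probe(path):
    """True if any path segment (query string dropped) is a known probe name."""
    segments = path.split("?", 1)[0].lower().split("/")
    return any(seg in PROBE_NAMES for seg in segments)

def find_probers(lines, threshold=3, window=timedelta(minutes=5)):
    """Return IPs with >= threshold probe hits inside a sliding window (hypothetical knobs)."""
    recent = defaultdict(deque)   # hash table: IP -> timestamps of recent probe hits
    flagged = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines rather than guessing
        ip, stamp, path = m.groups()
        if not is_probe(path):
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:   # expire hits that fell out of the window
            hits.popleft()
        if len(hits) >= threshold and ip not in flagged:
            flagged.append(ip)           # candidate for a temporary block
    return flagged

# Constructed sample log lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/May/2014:16:13:01 +0000] "GET /wp-login.php HTTP/1.1" 404 209',
    '198.51.100.20 - - [29/May/2014:16:13:05 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [29/May/2014:16:13:09 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209',
    '203.0.113.7 - - [29/May/2014:16:13:30 +0000] "GET /PMA2017/index.php HTTP/1.1" 404 209',
    '192.0.2.55 - - [29/May/2014:16:14:00 +0000] "GET /admin HTTP/1.1" 404 209',
    '192.0.2.55 - - [29/May/2014:16:24:00 +0000] "GET /mysql/ HTTP/1.1" 404 209',
    '192.0.2.55 - - [29/May/2014:16:34:00 +0000] "GET /db/ HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    print(find_probers(SAMPLE_LOG))
```

Matching whole path segments keeps a page such as `/blog/administrator` from counting as a hit on `admin`, and the window keeps a slow trickle of stray 404s from triggering a block.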
david5372
Junior Member
Posts: 11
Joined: 29 May 2014, 16:13
Location: Maine, USA

Re: Block probers

Post by david5372 »

I wrote a program wp-login.php to give these hackers a scary message.
Silent Ninja
Junior Member
Posts: 40
Joined: 24 Apr 2008, 15:58

Re: Block probers

Post by Silent Ninja »

I believe you are looking for ModSecurity and/or ConfigServer eXploit Scanner, which both have URL / uploaded file scanning patterns, and LFD can block multiple matches by these two (LF_MODSEC, LF_CXS).
david5372
Junior Member
Posts: 11
Joined: 29 May 2014, 16:13
Location: Maine, USA

Re: Block probers

Post by david5372 »

Silent, how do I use the cPanel interface to set these up?

Also, is there any way to block everyone with a .ru reverse address? These are mostly the malicious folks, as judged by their access attempts.