block ips with custom regex from downloaded list

Post by ali11007 »

Hi all,
I have WordPress on two web server nodes behind a load balancer server, and I log "failed login IPs" on the web nodes in a file in order to use this custom regex on it:

Code:

# Match lines in the CUSTOM1_LOG file that start with an IPv4 address
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^(\d+\.\d+\.\d+\.\d+)/)) {
    # description, IP, rule name, trigger count, ports, block seconds, Cloudflare flag
    return ("Failed Wordpress login from",$1,"wordpresslogin","5","80,443","3600","0");
}

This works on both servers. But I figured out this is not what I need to do to block those IPs. Shame. I needed to log those IPs on the load balancer, so I wrote this script and added it as a cron job to run every minute:

Code:

#!/bin/bash

WEB1_IP="X.X.X.X"
WEB2_IP="Y.Y.Y.Y"

LOG_URL="/login_logs.txt"
LOG_PATH="/home/login_logs.txt"

# Download each node's log, skip its first line, and rebuild the combined file:
# the first command overwrites LOG_PATH, the second appends to it
wget -q -O - "$WEB1_IP""$LOG_URL" | tail -n+2 > "$LOG_PATH"
wget -q -O - "$WEB2_IP""$LOG_URL" | tail -n+2 >> "$LOG_PATH"

Then I added the same regex to the load balancer with the new log path, but it's not working. I don't know how csf and lfd read those logs, but the only difference between the web nodes and the load balancer is that on the web nodes the log file is written line by line, while on the load balancer the log file is written all at once and replaced every minute. Can you help me?
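
An added example, not part of the original post: a variant of the cron script that appends only lines it has not forwarded before, so the file on the load balancer grows line by line as it does on the web nodes. It assumes lfd only acts on lines appended since its last read; `STATE_DIR`, `append_new_lines` and `sync_node` are hypothetical names.

```shell
#!/bin/bash
# Added example. STATE_DIR, append_new_lines and sync_node are hypothetical names.
LOG_URL="/login_logs.txt"
LOG_PATH="/home/login_logs.txt"     # file set as CUSTOM1_LOG on the load balancer
STATE_DIR="/var/lib/login_sync"     # assumed location for per-node line offsets

# append_new_lines SNAPSHOT OFFSET_FILE DEST
# SNAPSHOT is a full copy of one node's log. The number of lines already
# forwarded is kept in OFFSET_FILE; only later lines are appended to DEST.
append_new_lines() {
    local snapshot="$1" offset_file="$2" dest="$3" seen=0 total
    if [ -f "$offset_file" ]; then seen=$(cat "$offset_file"); fi
    case "$seen" in ''|*[!0-9]*) seen=0 ;; esac    # ignore a corrupt offset
    total=$(awk 'END { print NR }' "$snapshot")
    # A shorter snapshot means the node's log was rotated or truncated.
    if [ "$total" -lt "$seen" ]; then seen=0; fi
    if [ "$total" -gt "$seen" ]; then
        awk -v s="$seen" 'NR > s' "$snapshot" >> "$dest"
    fi
    echo "$total" > "$offset_file"
}

# sync_node IP: download one node's log and forward its new lines.
sync_node() {
    local ip="$1" raw snap
    raw=$(mktemp) && snap=$(mktemp) || return 1
    # A failed download must not be mistaken for a truncated log.
    if wget -q -O "$raw" "$ip$LOG_URL"; then
        tail -n +2 "$raw" > "$snap"    # drop the first line, as the original script does
        append_new_lines "$snap" "$STATE_DIR/$ip.offset" "$LOG_PATH"
    fi
    rm -f "$raw" "$snap"
}

# Cron entry runs the script with --run; the IPs are the post's placeholders.
if [ "${1:-}" = "--run" ]; then
    mkdir -p "$STATE_DIR"
    sync_node "X.X.X.X"
    sync_node "Y.Y.Y.Y"
fi
```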