If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
Currently, imunify360 without csf/lfd integration is not blocking WAF requests. Though we have rule in IM360 ruleset for many WP login attempts and it should block the IP.
We planned to add blocking alerts from WAF in the future, but not in the next release.
> Currently, imunify360 without csf/lfd integration is not blocking WAF requests. Though we have rule in IM360 ruleset for many WP login attempts and it should block the IP.
>
> We planned to add blocking alerts from WAF in the future, but not in the next release.
>
> --
> imunify360 dev team
Well, customers got captcha site when they triggered WAF rules from OWASP that was installed with IM360. So you did block the requests (greylist). But that is only when CSF/LFD is enabled?
Blocking alerts are not needed since this whole process should be automatic both for server admins and customers when they can use captcha.
Could you list the ruleset and rules you are implementing/using?
The most important rules you should have as CWAF has is:
xmlrpc.php attacks (brute force) for WordPress
wp-login.php attacks (brute force) for WordPress
administrator.php attacks (brute force) for Joomla
There should also be a similar rule for Drupal, but cannot remember url.
> Well, customers got captcha site when they triggered WAF rules from OWASP that was installed with IM360. So you did block the requests (greylist). But that is only when CSF/LFD is enabled?
Yes.
> Could you list the ruleset and rules you are implementing/using?
> The most important rules you should have as CWAF has is:
> xmlrpc.php attacks (brute force) for WordPress
> wp-login.php attacks (brute force) for WordPress
> administrator.php attacks (brute force) for Joomla
> There should also be a similar rule for Drupal, but cannot remember url.
Now we are blocking IP only for "wp-login.php attacks (brute force) for WordPress" from ModSecurity if csf/lfd is disabled and I360 ruleset is enabled.
We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.
By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.
Tweet
Comment