Announcement

Collapse
No announcement yet.

Captcha down?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Currently, imunify360 without csf/lfd integration is not blocking WAF requests. Though we have rule in IM360 ruleset for many WP login attempts and it should block the IP.

    We planned to add blocking alerts from WAF in the future, but not in the next release.

    --
    imunify360 dev team

    Comment


    • #17
      > Currently, imunify360 without csf/lfd integration is not blocking WAF requests. Though we have rule in IM360 ruleset for many WP login attempts and it should block the IP.
      >
      > We planned to add blocking alerts from WAF in the future, but not in the next release.
      >
      > --
      > imunify360 dev team

      Well, customers got captcha site when they triggered WAF rules from OWASP that was installed with IM360. So you did block the requests (greylist). But that is only when CSF/LFD is enabled?

      Blocking alerts are not needed since this whole process should be automatic both for server admins and customers when they can use captcha.

      Could you list the ruleset and rules you are implementing/using?
      The most important rules you should have as CWAF has is:
      xmlrpc.php attacks (brute force) for WordPress
      wp-login.php attacks (brute force) for WordPress
      administrator.php attacks (brute force) for Joomla
      There should also be a similar rule for Drupal, but cannot remember url.

      Comment


      • #18
        > Well, customers got captcha site when they triggered WAF rules from OWASP that was installed with IM360. So you did block the requests (greylist). But that is only when CSF/LFD is enabled?

        Yes.

        > Could you list the ruleset and rules you are implementing/using?
        > The most important rules you should have as CWAF has is:
        > xmlrpc.php attacks (brute force) for WordPress
        > wp-login.php attacks (brute force) for WordPress
        > administrator.php attacks (brute force) for Joomla
        > There should also be a similar rule for Drupal, but cannot remember url.

        Now we are blocking IP only for "wp-login.php attacks (brute force) for WordPress" from ModSecurity if csf/lfd is disabled and I360 ruleset is enabled.

        --
        imunify360 dev team

        Comment


        • #19
          > Then I disabled CSF/LFD and started brute force on customers WP login page again.

          In this case try refreshing page using ctrl+shift+f5/ctrl+shift+R. It leads to appearing captcha.

          Comment

          Working...
          X