Further development of an existing log filter rule

SYSTEM INFORMATION
OS type and version Debian 12
Webmin version 2.202

Ilia has given us this rule

<HOST>.*POST.*(wp-login\.php|xmlrpc\.php|account\/signin).* 200

for banning unwanted WordPress logins and it works for 1000s of IPs.

But it doesn’t grasp this log line:

103.77.162.13 - - [06/Oct/2024:15:13:02 +0200] "POST /xmlrpc.php HTTP/1.1" 503 22644 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"

Can any script wizard help me in perfecting my WordPress jail?

Thank you very much!

Most likely, the following will work:

<HOST>.*POST.*(wp-login\.php|xmlrpc\.php|account\/signin).* (200|503)

Yes, it works.

Thank you Ilia …

You’re welcome!
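The two rules from this thread checked against the 503 log line above, as an added example that is not part of the original posts. The `HOST` group is a simplified stand-in for fail2ban's `<HOST>` tag, the regexes are applied to the full line (fail2ban removes the timestamp it recognised first), `ANCHORED` is a hypothetical tighter variant, and the two extra log lines are constructed.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> expansion.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

ORIGINAL = r"<HOST>.*POST.*(wp-login\.php|xmlrpc\.php|account\/signin).* 200"
REVISED = r"<HOST>.*POST.*(wp-login\.php|xmlrpc\.php|account\/signin).* (200|503)"
# Hypothetical variant (not from the thread): tied to the combined-log fields,
# so only the request method, the request path and the status field count.
ANCHORED = (r'^<HOST> \S+ \S+ \[[^\]]*\] '
            r'"POST \S*(?:wp-login\.php|xmlrpc\.php|account/signin)\S* HTTP/[\d.]+" '
            r'(?:200|503) ')

# Log line quoted in the thread.
LINE_503 = ('103.77.162.13 - - [06/Oct/2024:15:13:02 +0200] '
            '"POST /xmlrpc.php HTTP/1.1" 503 22644 "-" '
            '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
            '(KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"')
# Constructed: POST to the login page answered with status 200.
LINE_200 = ('203.0.113.9 - - [06/Oct/2024:15:14:02 +0200] '
            '"POST /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')
# Constructed: a GET answered with 404 whose URL happens to contain "POST"
# and whose response size (2004) begins with "200".
LINE_GET = ('198.51.100.7 - - [06/Oct/2024:15:14:10 +0200] '
            '"GET /blog/?ref=POST-xmlrpc.php HTTP/1.1" 404 2004 "-" "curl/8.5.0"')


def banned_host(failregex, line):
    """Return the address the rule would report for this line, or None."""
    match = re.search(failregex.replace("<HOST>", HOST), line)
    return match.group("host") if match else None


if __name__ == "__main__":
    rules = (("ORIGINAL", ORIGINAL), ("REVISED", REVISED), ("ANCHORED", ANCHORED))
    lines = (("LINE_503", LINE_503), ("LINE_200", LINE_200), ("LINE_GET", LINE_GET))
    for rule_name, rule in rules:
        for line_name, line in lines:
            print(f"{rule_name:9} {line_name:9} -> {banned_host(rule, line)}")
```

The unanchored rules also report the constructed GET line, because `.* 200` can match inside the response-size field; running `fail2ban-regex` against the real access log shows how often that happens in practice.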
