I caught some idiot trying to brute force a WordPress installation and he sat there trying to guess passwords and usernames.
I only just enabled modsec_audit.log logging but had to turn it off because this idiot was hitting my site and the log file grew to 550 megs in only minutes.
Had I not turned it off he could have brought down the box once that file reached a huge #.
So what have you guys done to prevent out of control logging like this?
I'm surprised GSA didn't ban his ass but the GSA file is looking at /var/log/httpd/error_log not modsec_audit.log where the actual logging is taking place.
And what about brute force monitor? Doesn't catch this?
And nothing logged to error_log? Strange.
And I even had Login_limits plugin active on that wp site and he was banned after 4 attempts, yet it kept logging to modsec_audit.log even after he was banned?