Netgate Discussion Forum

    Snort WordPress Security

    IDS/IPS
    • ukhost4u

      Hello.

      I am currently looking for a way to use Snort to block users on the pfSense firewall when they hit 10 failed login attempts. I read on some other forum that you can add a custom rule into custom.rules, and I added in:

      reject tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Wordpress Brute Force Login"; flow:to_server,established;content:"POST"; nocase; http_method; uricontent:"/wp-login.php"; nocase; content:!"wp-submit"; nocase; classtype:web-application-attack; sid:90000100; rev:1;)

      My question is, how do I make sure that this rule is being used? Under Categories I can't see an option to enable custom.rules.

      Then, if this is automatically included, is my rule correct? It's currently not blocking abuse of WordPress, which is what we are trying to do.

      Any help would be great.

      Thanks,

      Paul Hughes
      http://www.ukhost4u.co.uk/

      • bmeeks

        Go to the RULES tab in Snort.  In the Category drop-down, select Custom Rules.  That will open a text window where you can type in your rule.  Click SAVE and you're done… ;).

        Bill

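An added example (not from either poster, and not Netgate's or the Snort project's own rule): a rate-based variant of the rule in the question, using Snort 2.x's `detection_filter` so that it fires only after a single source has sent more than 10 POSTs to `/wp-login.php` within a time window. The 60-second window and SID 90000101 are assumptions chosen for illustration; the rule counts login POSTs rather than failed logins, because the request alone does not show the outcome, and it only sees unencrypted HTTP.

```snort
# Added example; window length and SID are assumptions, adjust to your site.
# Differences from the rule in the question:
#   - content + http_uri replaces the older uricontent keyword
#   - the negated "wp-submit" match is dropped so every login POST is counted
#   - detection_filter suppresses the rule until one source IP exceeds
#     10 matches inside a 60-second window, then fires on each further match
reject tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WordPress wp-login.php POST rate exceeded"; flow:to_server,established; content:"POST"; nocase; http_method; content:"/wp-login.php"; nocase; http_uri; detection_filter:track by_src, count 10, seconds 60; classtype:web-application-attack; sid:90000101; rev:1;)
```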