Snort Wodpress Security
-
Hello.
I am currently looking for a way to use Snort to block users on the PFSense firewall when they hit 10 failed login attempts. I read on some other forum that you can add a custom rule into: custom.rules and I added in:
reject tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"Wordpress Brute Force Login"; flow:to_server,established;content:"POST"; nocase; http_method; uricontent:"/wp-login.php"; nocase; content:!"wp-submit"; nocase; classtype:web-application-attack; sid:90000100; rev:1;)
My question is, how do I make sure that this rule is being used? Under Categories I can't see an option to enable custom.rules
Then if this is automatically included is my rule correct as Its currently not blocking abuse of wordpress which is what we are trying to do.
Any help would be great.
Thanks,
Paul Hughes
http://www.ukhost4u.co.uk/ -
Go to the RULES tab in Snort. In the Category drop-down, select Custom Rules. That will open a text window where you can type in your rule. Click SAVE and you're done… ;).
Bill