ConfigServer Plugin Questions/Suggestion

Discussion in 'Linux VPS/Dedicated - cPanel' started by phpAddict, Aug 13, 2014.

  1. phpAddict

    phpAddict Active Member

    So I love how the system auto-bans connections. Saves me a lot of time trying to find @$$hole hackers. However, it mainly only applies to cpanel/whm logins, webmail/pop/smtp logins, and ftp login attempts, correct?

    I receive constant emails about "Excessive resource usage" and I find that 90% of the time it's hackers trying to get into some of my WP sites. I'm not at all concerned that they'll be successful with the password complexity I use, but it seems dumb to me that these resource warnings don't at least include the offending IP address. It gives me the date/time, the account, how much memory/cpu usage, the file being executed, the process id, but no IP address? WTF? So now my question/suggestion...

    Ideally I would like an API or some way to tap into the "Firewall Deny IPs" so whenever I program sites I can easily block IP addresses when there's too many failed login attempts, including on my WP sites. If that is too difficult or not possible, at least an IP address in the "Excessive resource usage" so I can at least manually block IPs would be nice.

    Anyone have any experience doing this? I've come up short Googling, checking settings, and searching ConfigServer's documentation. Maybe I'm overlooking something, idk.

    I know this is 3rd party software so if I should register on ConfigServer's forum and bring my suggestion there, let me know.

    Thanks!
     
  2. Dan

    Dan Moderator

    Heya Josh,

    I ended up forcing a human check on all calls to the WP login page. It used to be that CSF monitored the mod_security log and would ban using it as well but that stopped working some time ago now unfortunately, at least for me it did. Going this route the login failures get logged as an htpasswd error and CSF will ban off of them.
     
  3. phpAddict

    phpAddict Active Member

    That's cool. Thanks Dan! I'll do that on all my WP sites right away and see what I can do to use that same method for my custom sites.
     
  4. Dan

    Dan Moderator

    This is what I did.

    Put a .htaccess in the /home directory with this in it
    Code:
    #Added to protect wp-login.php.  Used in conjunction with /home/.wpadmin.
    <FilesMatch "wp-login.php">
    AuthType basic
    AuthName "Human Check - User: human Pass: check"
    AuthUserFile /home/.wpadmin
    Require valid-user
    </FilesMatch>
    
    ErrorDocument 401 "Authentication required"
    #End wp-login.php and changes.

    And then create the htpasswd file also in the /home directory.
    Code:
    /usr/local/apache/bin/htpasswd -c .wpadmin human

    At the password prompt enter the word "check" and then confirm it.

    So if a client goes to log in they have the user name and password right there on the prompt dialog but the bots fail it.

    If you come up with a better way to do this please let me know :)
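
An added example (not code from this thread or from ConfigServer) of the per-IP tally that the human check above makes possible: it counts basic-auth failures for wp-login.php in Apache error-log lines and builds, without running, a `csf -d` command for repeat offenders. The log lines are constructed samples modelled on Apache 2.2 and 2.4 messages; the function names and the threshold of 3 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines, modelled on Apache 2.2 and 2.4 basic-auth errors.
SAMPLE_LOG = """\
[Wed Aug 13 10:15:01 2014] [error] [client 203.0.113.5] user admin not found: /wp-login.php
[Wed Aug 13 10:15:02 2014] [error] [client 203.0.113.5] user admin not found: /wp-login.php
[Wed Aug 13 10:15:03 2014] [error] [client 203.0.113.5] user human: authentication failure for "/wp-login.php": Password Mismatch
[Wed Aug 13 10:15:09 2014] [error] [client 198.51.100.7] user humam not found: /wp-login.php
[Wed Aug 13 10:16:00.120000 2014] [auth_basic:error] [pid 811] [client 203.0.113.5:40112] AH01618: user root not found: /wp-login.php
[Wed Aug 13 10:16:30 2014] [error] [client 192.0.2.44] File does not exist: /home/site/public_html/favicon.ico
"""

AUTH_FAIL = re.compile(
    r"\[client (?P<tok>[^\]\s]+)\] (?:AH\d+: )?user \S+"
    r"(?: not found|: authentication failure)"
)

def client_ip(token):
    """Return the address in a [client ...] token, dropping a 2.4-style :port."""
    for candidate in (token, token.rpartition(":")[0]):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue
    return None

def failed_auth_by_ip(log_text, path="/wp-login.php"):
    """Count htpasswd failures per client IP for requests to `path`."""
    hits = Counter()
    for line in log_text.splitlines():
        match = AUTH_FAIL.search(line)
        ip = client_ip(match.group("tok")) if match and path in line else None
        if ip:
            hits[ip] += 1
    return hits

def csf_deny_argv(ip, reason):
    """Build (not run) the argv for `csf -d`; rejects anything that is not an IP."""
    return ["csf", "-d", str(ipaddress.ip_address(ip)), reason]

def repeat_offenders(log_text, limit=3):
    """IPs with at least `limit` failures (limit is an assumed threshold)."""
    return sorted(ip for ip, n in failed_auth_by_ip(log_text).items() if n >= limit)

if __name__ == "__main__":
    for ip in repeat_offenders(SAMPLE_LOG):
        print(" ".join(csf_deny_argv(ip, "wp-login human check failures")))
```

Passing the argv list to a process call without a shell, after the `ipaddress` check, keeps log-derived text out of a root-run command line.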
     
  5. Dion

    Dion Member

    I solved this for a client by renaming wp-login.php and wp-signup.php to something obscure, and then writing a plugin that hooked all the login/logout/register URL filters to change the URLs to the new names. It also hooked the update action and copied the newly-created files to the obscure names, then deleted the new wp-login.php and wp-signup.php files.

    The result was bots receiving HTTP 404 errors when trying to log in or register. Since WordPress in effect hardcodes its filenames through its brain-dead update process, bots don't bother reading the pages to get the URLs. And the 404 error ensures they will never return.
     
