
List:       oisf-users
Subject:    Re: [Oisf-users] GeoIP And wp-login.php Bruteforce
From:       Peter Manev <petermanev () gmail ! com>
Date:       2014-09-17 5:07:22
Message-ID: 711CE6D8-7877-47EA-94A2-06C7B28180AA () gmail ! com

> On 16 sep 2014, at 23:27, Eoin Miller <eoin.miller@trojanedbinaries.com> wrote:
> 
> > On 9/16/14 7:15 PM, Mesra.net CEO wrote:
> > Dear All,
> > 
> > My Suricata 2.0.3 is compiled with libgeoip, so I'm looking for rules to DROP any
> > access out of Japan to the wp-login.php file, so how to go about it?
> 

Some geoip info -
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/GeoIP
The rule example in the link above is not optimal for your case though.



> Handle it in the webserver.
> 
> http://dev.maxmind.com/geoip/legacy/mod_geoip2/
> 
> -- Eoin
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
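
Added example, not part of the original thread or of the wiki page linked above: one way to express the request as a Suricata rule, reading "out of Japan" as "from a source outside Japan". The sid, the msg text and the use of `$EXTERNAL_NET`/`$HTTP_SERVERS` are constructed for illustration, and the rule assumes the installed geoip keyword accepts the negated country form `!JP`.

```suricata
# Added example (not from the thread). Assumptions:
#  - Suricata runs inline (IPS mode); in IDS mode "drop" only alerts.
#  - EXTERNAL_NET and HTTP_SERVERS are defined in suricata.yaml.
#  - sid 1000001 is a constructed local value; pick a free sid in your local range.
#  - geoip matches at country level only, so results are as accurate as the
#    GeoIP country database libgeoip was given.
drop http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"LOCAL wp-login.php request from source outside JP"; flow:established,to_server; content:"/wp-login.php"; http_uri; nocase; geoip:src,!JP; sid:1000001; rev:1;)
```

The `content` match on the normalized URI keeps the rule from firing on every HTTP request and limits the geoip lookup to requests for the login page. Requests that reach the server through a proxy or CDN carry the proxy's source address, so the country check then applies to the proxy rather than the client.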

