List: oisf-users
Subject: Re: [Oisf-users] GeoIP And wp-login.php Bruteforce
From: Peter Manev <petermanev () gmail ! com>
Date: 2014-09-17 5:07:22
Message-ID: 711CE6D8-7877-47EA-94A2-06C7B28180AA () gmail ! com
> On 16 sep 2014, at 23:27, Eoin Miller <eoin.miller@trojanedbinaries.com> wrote:
>
> > On 9/16/14 7:15 PM, Mesra.net CEO wrote:
> > Dear All,
> >
> > My Suricata 2.0.3 is compiled with libgeoip, so I'm looking for rules to DROP any
> > access out of Japan to wp-login.php file, so how to go about it?
>
Some geoip info -
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/GeoIP
The rule example in the link above is not optimal for your case though.
> Handle it in the webserver.
>
> http://dev.maxmind.com/geoip/legacy/mod_geoip2/
>
> -- Eoin
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/