We have in our server logs every day continuos bot trying to access the below for example:
Requests with error response codes 404 Not Found /favicon.ico: 3 Time(s) /3ckkB-ZOp30: 2 Time(s) /adminer-3.7.1.php: 2 Time(s) /eGfLqNJOuqgur2f: 2 Time(s) /robots.txt: 2 Time(s) /winter.php?9e1ii8rtztula2_75ebd41oqp_kf3w9lj-dm99: 2 Time(s) /0XvFhDrIXxN41.html: 1 Time(s) /0xgjFcQBKZz03.jp: 1 Time(s) /2MOlzgwdyon73: 1 Time(s) /2QMQR_rCWb_kb92.jp: 1 Time(s) /3uuTp_iPYvTc9.jp: 1 Time(s) /4MavbQXKsSFWv59: 1 Time(s) /winter.php?00ee8z48c8fb9e2666: 1 Time(s) /winter.php?01gxbe714bacoxx7by: 1 Time(s) /winter.php?01u9e6e7d85d0c10gn: 1 Time(s) /winter.php?02qlwkyd8afe5250m2: 1 Time(s) /winter.php?03rdhtzje8fc1d4rs4o_52wku: 1 Time(s) /winter.php?05rihk899bc7emlvrb: 1 Time(s) /winter.php?07re1w9178292nc48m: 1 Time(s) /winter.php?09r2nc68agkcy61d6cz1e59347jhmg6dkb5l33p: 1 Time(s) /winter.php?0BRawvhp-cSbd.html: 1 Time(s) /winter.php?0apmvkq0ujtbu4c9be9fr7pvtopnulf: 1 Time(s) /winter.php?0b9sgs0cc9c13_2_h1: 1 Time(s) /winter.php?0csi0z322a5c3hki00: 1 Time(s) /winter.php?0cu5f7_jh_f79e8e2ucwzk-6: 1 Time(s) /winter.php?12evai16c8b044n19x: 1 Time(s) /winter.php?13sj8i7047ec3h0d2c: 1 Time(s) /winter.php?146-7p5e00132l6bpj: 1 Time(s) /winter.php?186h0k872ed9fhuvsf-g: 1 Time(s) /winter.php?18kd5nyab949edi8tc: 1 Time(s) /winter.php?19jba6lhacd8d9c59xpte: 1 Time(s) /winter.php?1ac7r752cf18gpy4_p: 1 Time(s) /winter.php?1db_7sef6ba39l-j3v: 1 Time(s) /winter.php?22fag93b32433iiy41: 1 Time(s) /winter.php?27f_25875b67mw38v: 1 Time(s) /winter.php?27jec856a8212twr1xz: 1 Time(s) /winter.php?27lyf5ba10d8lip-: 1 Time(s) /winter.php?2cl4ggnd841aa036a0: 1 Time(s) /winter.php?2dcf40b6db43o7wfdi: 1 Time(s) /winter.php?2de1tinttb844952gss6wbz: 1 Time(s) /winter.php?31t1y7d26701kyan50: 1 Time(s) /winter.php?34-9fac19903svqmyk: 1 Time(s) /winter.php?341oxzrdd48ab3n3d_: 1 Time(s) /winter.php?38-zqhi465bb8fs0ux: 1 Time(s) /winter.php?3cdh21002e4cd34-0: 1 Time(s) /winter.php?3ee3wok207-zfde226e6k28p79ttmusn15imep5xz: 1 Time(s) /winter.php?3evyze4m7083b5eitm7a6: 1 Time(s) /winter.php?42oz53c7291a39or30: 1 Time(s) /winter.php?48k61e8e95800fcfi0: 1 Time(s) /winter.php?48wcak3-jypn569253992dlfwn63xya32m_: 1 Time(s) /winter.php?4alg5wbf16f51d5tzcs8_l5yh45d: 1 Time(s) /winter.php?4bjjlked5b5a9lfb52: 1 Time(s)
We are using WHM / cPanel with CSF firewall and MODSEC how can I set a rule to automatically completely block the IP Address of what ever tries to access /winter.php********* so does not matter what is where the ***** is . as long as it starts with /winter.php in the url then it can be blocked?
Any ideas?