How to detect brute force in mod-security

Question

I checked the core rules set in the mod-security but it's didn't contain the rules related to Brute-Force Attack!!! Did anyone know how to write the rules or the existing rules for this kind of Attack!

Thanks in advanced,

score 1 · Answer 1 · answered Jan 12 '11 at 13:48

1

It's a better idea to have some daemon monitoring the logs and taking action. Fail2Ban works wonders for me. Alternatives exist.

answered Jan 12 '11 at 13:48

Chris S

77,337
11
120
212

score 0 · Answer 2 · answered Jun 08 '11 at 11:10

0

Check is post: http://www.dongit.nl/tech/modsecurity-brute-force-protection

answered Jun 08 '11 at 11:10

Marios81

1

2

Link-and-run answers are discouraged here on ServerFault. It is polite to include at least a summary of what the article contains, even if it is just the very broad steps. If they need detail, they can click. – sysadmin1138 Jun 08 '11 at 11:26

How to detect brute force in mod-security

2 Answers2