Hi everybody, HAPPY NEW YEAR!

Well it is me again trying to find the best way to manage my server, lol.

I have been using modsec rules for a time now and found that all the rules does a great job blocking a lot of injections or spammer attempts, it has been so great that I have refined a personal project:

I have tabulated data from 5 months and decided to block all the IPs that triggered the spam or injection rules, so, after depuring all the info I have about 7,000 IPs. I have divided them in two files: Hackers and Spammers. that two rules search and blocks this IPs.

I really like this project because now my server blocks the recurring IPs and no time is wasted checking what is wrong, of course if new IPs arrive the other great modsec rules will be stop them and in a few days I will be adding them to the lists.

Regards,
Sergio

That sounds like a great project. Would you be willing to share the data with me? I'm working on the RBL we will be adding to ASL in the future and data on attacks is exactly what I need to add to our honeypot data, particularly if you have done your own analysis and have some results to share.

For sure, I will be sending you the data via email to support.

By the way I know that I could have just one file with all the IPs in there, but I separated spammers from injection coders (hack attempts) just to have a track on them.

If you want, I can send you the IPs with the ID CODES that modsec assigned to them.

Regards,

Sergio

That would be great.

Hello Mike,
sorry for the delay, I will add the file on another post so anyone can use it, hope you don't mind.

Sergio.

Not at all. Please do.