
Custom Regex for CSF to block bad logins

Posted: Tue Apr 13, 2021 1:28 pm
by haus
In case anyone is using CSF/LFD for firewall/bruteforce prevention, I created these rules for 1.34.23 on Ubuntu 20.04 (Apache2) to block IPs that fail to log into ZM. These would go in /etc/csf/regex.custom.pm.

# Block bad ZoneMinder logins from the apache2 error log. These are case insensitive (note the i after the regex).
# Return list: message, offending IP, rule ID, trigger level, ports to block,
# block duration (1 = permanent, otherwise seconds), Cloudflare flag.
if (($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /^.*\[client\s(\d+\.\d+\.\d+\.\d+):.*?].*ERR.*\[could not retrieve user.*?]/i)) {
    return ("Failed ZoneMinder Login (user not found)",$1,"zmnouser","1","80","1","0");
}

if (($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /^.*\[client\s(\d+\.\d+\.\d+\.\d+):.*?].*ERR.*\[login denied for user.*?]/i)) {
    return ("Failed ZoneMinder Login (BAD PASSWORD)",$1,"zmbadpass","1","80","1","0");
}
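
A way to check the two rules offline before installing them, as an added example that is not part of the original post. The `%globlogs` stub, the `custom_line` wrapper, the log paths and all log lines are constructed for this harness; swap in lines from your own Apache error log.

```perl
#!/usr/bin/perl
# Added example, not from the original post. The %globlogs stub, the log paths
# and every log line below are constructed for this check.
use strict;
use warnings;

my $errlog   = "/var/log/apache2/error.log";        # assumed Apache error log path
my %globlogs = (HTACCESS_LOG => { $errlog => 1 });  # stand-in for lfd's log table

# The two rules from the post, wrapped in a sub so they can be called directly.
sub custom_line {
    my ($line, $lgfile) = @_;
    if (($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /^.*\[client\s(\d+\.\d+\.\d+\.\d+):.*?].*ERR.*\[could not retrieve user.*?]/i)) {
        return ("Failed ZoneMinder Login (user not found)",$1,"zmnouser","1","80","1","0");
    }
    if (($globlogs{HTACCESS_LOG}{$lgfile}) and ($line =~ /^.*\[client\s(\d+\.\d+\.\d+\.\d+):.*?].*ERR.*\[login denied for user.*?]/i)) {
        return ("Failed ZoneMinder Login (BAD PASSWORD)",$1,"zmbadpass","1","80","1","0");
    }
    return;    # empty list: no rule matched
}

my $ts = '[Tue Apr 13 13:20:01.000000 2021] [php7:notice] [pid 1111]';
# Each case: [ log file, log line, expected rule ID, expected IP ]
my @cases = (
    [ $errlog, $ts . ' [client 203.0.113.5:51234] ERR [Could not retrieve user nosuchuser details]', "zmnouser", "203.0.113.5" ],
    [ $errlog, $ts . ' [client 198.51.100.7:40022] ERR [Login denied for user "admin"]', "zmbadpass", "198.51.100.7" ],
    # Unrelated message from the same client: must not block.
    [ $errlog, $ts . ' [client 203.0.113.5:51300] WAR [Slow query]', "none", "-" ],
    # IPv6 client: the dotted-quad capture cannot match, so no block is raised.
    [ $errlog, $ts . ' [client 2001:db8::1:51301] ERR [Login denied for user "admin"]', "none", "-" ],
    # Log file not listed under HTACCESS_LOG: the rules are never applied to it.
    [ "/var/log/other.log", $ts . ' [client 198.51.100.7:40023] ERR [Login denied for user "admin"]', "none", "-" ],
);

my $failed = 0;
for my $case (@cases) {
    my ($file, $line, $want_id, $want_ip) = @$case;
    my @hit = custom_line($line, $file);
    # Element 2 of the return list is the rule ID, element 1 the captured IP.
    my ($got_id, $got_ip) = @hit ? @hit[2, 1] : ("none", "-");
    my $ok = ($got_id eq $want_id and $got_ip eq $want_ip);
    $failed++ unless $ok;
    printf "%-4s rule=%-9s ip=%-13s file=%s\n", ($ok ? "ok" : "FAIL"), $got_id, $got_ip, $file;
}
exit($failed ? 1 : 0);
```

The script exits non-zero if any line is classified differently from what the case expects, so it can gate a change to the rules.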