@Belphemur
Last active November 11, 2021 07:44
CrowdSec - Wordpress Login & XML RPC Scenario
type: leaky
format: 2.0
#debug: true
name: belphemur/http-wordpress-login-xmlrpc
description: "Detect attempt to access to wp-login and xmlrpc"
filter: "evt.Meta.log_type == 'http_access-log' && (evt.Parsed.file_name == 'wp-login.php' || evt.Parsed.file_name == 'xmlrpc.php') && evt.Parsed.verb == 'POST'"
groupby: "evt.Meta.source_ip"
#distinct: evt.Parsed.request
capacity: 4
leakspeed: 2m
blackhole: 5m
labels:
  service: http
  type: bruteforce
  remediation: true
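
A simplified model of how the bucket settings above (capacity 4, leakspeed 2m, blackhole 5m, grouped by source IP) behave on access-log lines. This is an added example, not part of the gist or CrowdSec's own code; the log layout, regex, sample lines and function names are constructed for illustration, and deriving file_name from the last path segment is an assumption.

```python
import re
from datetime import datetime, timedelta

CAPACITY, LEAKSPEED, BLACKHOLE = 4, timedelta(minutes=2), timedelta(minutes=5)
TARGETS = {"wp-login.php", "xmlrpc.php"}
# Combined-log-format prefix: ip, timestamp, verb, path (assumed log layout).
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<verb>\S+) (?P<path>\S+) ')

def matches_filter(verb, path):
    """Mirror the scenario filter: POST to wp-login.php or xmlrpc.php."""
    file_name = path.split("?", 1)[0].rsplit("/", 1)[-1]
    return verb == "POST" and file_name in TARGETS

def detect(lines):
    """Return [(ip, overflow_time)] for lines that are time-ordered per IP."""
    buckets, muted_until, alerts = {}, {}, []
    for line in lines:
        m = LINE.match(line)
        if not m or not matches_filter(m["verb"], m["path"]):
            continue
        ip = m["ip"]  # groupby: evt.Meta.source_ip
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        level, last = buckets.get(ip, (0.0, ts))
        # Drain one event per LEAKSPEED since the last hit, then pour this one.
        level = max(0.0, level - (ts - last) / LEAKSPEED) + 1
        if level > CAPACITY:  # overflow: more than `capacity` events held
            if muted_until.get(ip, ts) <= ts:  # blackhole hides repeat overflows
                alerts.append((ip, ts))
                muted_until[ip] = ts + BLACKHOLE
            level = 0.0  # the overflowed bucket is discarded
        buckets[ip] = (level, ts)
    return alerts

def _line(ip, clock, verb, path):
    return f'{ip} - - [11/Nov/2021:{clock} +0000] "{verb} {path} HTTP/1.1" 200 512'

# Constructed sample traffic (documentation IP ranges).
SAMPLE = (
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", "/wp-login.php") for s in range(0, 25, 5)]
    + [_line("203.0.113.7", f"10:01:{s:02d}", "POST", "/xmlrpc.php") for s in range(0, 25, 5)]
    + [_line("198.51.100.9", f"10:02:{s:02d}", "GET", "/wp-login.php") for s in range(0, 30, 5)]
    + [_line("198.51.100.9", f"10:{mn:02d}:00", "POST", "/wp-login.php") for mn in range(10, 28, 3)]
)

if __name__ == "__main__":
    for ip, ts in detect(SAMPLE):
        print(f"overflow: {ip} at {ts:%H:%M:%S}")
```

In the sample, the fifth POST within 20 seconds overflows the bucket, the second burst a minute later is suppressed by the blackhole window, and GET requests or POSTs spaced three minutes apart never raise an alert.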