I'm getting hammered by probes for non-existent PHP files.

Received From: sugaree->/var/log/httpd/xxx.com_error_log
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

[Tue Jan 31 09:57:35.809951 2017] [proxy_fcgi:error] [pid 25770] [client 46.28.110.136:51282] AH01071: Got error 'Primary script unknown\n'

What's the best way to make a rule to throw an active deny response for these after two attempts within 1 minute?

-- Steve
