Hi, I run a minor website http://socct.org, unfortunately the acronym coincides with https://www.wikileaks.org/wiki/SOCCT_(military). For the last two days the site is taking a multiple site brute force attacks. Apart from changing our name, any suggestions? I have added an extension rule to rule 31510 so that if I get multiple 31510 alerts in short period from the same ip I block for longer which stopped getting alerts every ten minutes.
Thanks -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
