Issue
How to get information about the DoS attack from the Imunify360 log.
Environment
- Imunify360
- Any OS
- Any panel
Solution
- For DoS detection events, use the following command to search console.log:
# for i in $(ls /var/log/imunify360/console.log* | sort -rn); do zgrep "DOS detection" $i; done
Example of such an event:
INFO [2021-10-30 09:22:07,037] defence360agent.internals.the_sink: SensorAlert
({'method': 'ALERT', 'plugin_id': 'cl_dos', 'rule': None, 'timestamp':
1635603726.886842, 'attackers_ip': IPv4Network('12.34.56.78/32'), 'connections': 115,
'name': 'DOS detection', 'port': 443, 'message': 'Oct 30 09:22:06 Denial of
Service attack was discovered from 12.34.56.78, on port 443. Open connections: 115',
'properties': {'ttl': 1800, 'expiration': 1635605526, 'deep': 1}}) processed in 0.1181
seconds
- For Captcha DoS detection events, use the following command to search console.log:
# cat /var/log/imunify360/console.log | grep "CAPTCHA_DOS" | grep "CaptchaDosAlert"
Example of such an event:
INFO [2021-10-31 18:14:51,856] defence360agent.internals.the_sink: CaptchaDosAlert
({'method': 'CAPTCHA_DOS_ALERT', 'attackers_ip': IPv4Network('12.34.56.78/32'),
'expiration': 1636586091, 'ttl': 864000, 'retries': 101, 'timestamp': 1635722091.7827697,
'message': 'Blacklisted for 10 days after 101 captcha requests'}) processed in 0.0729
seconds
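An added example, not part of the original article or of Imunify360: a Python script that parses the two event formats shown above and summarizes them per source network. It assumes each event is a single line in console.log; parse_event and summarize are hypothetical names, and the sample lines are constructed from the events above plus the made-up address 198.51.100.7.

```python
import re, sys
from collections import defaultdict

IP = re.compile(r"'attackers_ip': IPv4Network\('([^']+)'\)")
NUM = re.compile(r"'(timestamp|connections|port|retries)': (\d+(?:\.\d+)?)")

# Constructed sample: the two events above joined onto one line each, plus made-up lines.
SAMPLE = [
    "INFO [2021-10-30 09:22:07,037] defence360agent.internals.the_sink: SensorAlert({'method': 'ALERT', 'plugin_id': 'cl_dos', 'rule': None, 'timestamp': 1635603726.886842, 'attackers_ip': IPv4Network('12.34.56.78/32'), 'connections': 115, 'name': 'DOS detection', 'port': 443, 'message': 'Oct 30 09:22:06 Denial of Service attack was discovered from 12.34.56.78, on port 443. Open connections: 115', 'properties': {'ttl': 1800, 'expiration': 1635605526, 'deep': 1}}) processed in 0.1181 seconds",
    "INFO [2021-10-30 09:52:10,120] defence360agent.internals.the_sink: SensorAlert({'method': 'ALERT', 'plugin_id': 'cl_dos', 'rule': None, 'timestamp': 1635605530.0, 'attackers_ip': IPv4Network('198.51.100.7/32'), 'connections': 240, 'name': 'DOS detection', 'port': 80, 'message': 'constructed', 'properties': {'ttl': 1800, 'expiration': 1635607330, 'deep': 1}}) processed in 0.1 seconds",
    "INFO [2021-10-31 18:14:51,856] defence360agent.internals.the_sink: CaptchaDosAlert({'method': 'CAPTCHA_DOS_ALERT', 'attackers_ip': IPv4Network('12.34.56.78/32'), 'expiration': 1636586091, 'ttl': 864000, 'retries': 101, 'timestamp': 1635722091.7827697, 'message': 'Blacklisted for 10 days after 101 captcha requests'}) processed in 0.0729 seconds",
    "INFO [2021-10-31 18:15:00,000] some.other.module: unrelated constructed line",
]

def parse_event(line):
    """Return a dict for a DoS or captcha-DoS alert line, or None for anything else."""
    kind = ("dos" if "'name': 'DOS detection'" in line else
            "captcha_dos" if "'method': 'CAPTCHA_DOS_ALERT'" in line else None)
    ip = IP.search(line)
    if kind is None or ip is None:
        return None
    event = {"kind": kind, "ip": ip.group(1)}
    for key, value in NUM.findall(line):
        event[key] = float(value) if key == "timestamp" else int(value)
    return event

def summarize(lines):
    """Aggregate alerts per source network: counts, peaks, ports and last-seen time."""
    stats = defaultdict(lambda: {"dos": 0, "captcha_dos": 0, "peak_connections": 0,
                                 "max_retries": 0, "ports": set(), "last_seen": 0.0})
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        s = stats[ev["ip"]]
        s[ev["kind"]] += 1
        s["peak_connections"] = max(s["peak_connections"], ev.get("connections", 0))
        s["max_retries"] = max(s["max_retries"], ev.get("retries", 0))
        if "port" in ev:
            s["ports"].add(ev["port"])
        s["last_seen"] = max(s["last_seen"], ev.get("timestamp", 0.0))
    return dict(stats)

if __name__ == "__main__":
    # Pipe the output of the search commands above in, or run bare to use the sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for ip, s in sorted(summarize(source).items()):
        print(ip, s)
```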