I'm new to OSSEC and have recently installed it on some web servers that are being 'abused'. Every 15-20 seconds the user is accessing the captcha file and i believe using an OCR tool to bypass it. I was under the impression that OSSEC would detect this automatically with it's included rules and send me a notification (similar to DOS attack). This does not seem to be the case. Do i need to create a specific rule for this? Or do i have something mis-configured? I would appreciate any help.
Thanks! -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
