On Thu, Jun 5, 2014 at 11:44 AM, Lou <[email protected]> wrote: > I'm new to OSSEC and have recently installed it on some web servers that are > being 'abused'. Every 15-20 seconds the user is accessing the captcha file > and i believe using an OCR tool to bypass it. I was under the impression > that OSSEC would detect this automatically with it's included rules and send > me a notification (similar to DOS attack). This does not seem to be the > case. Do i need to create a specific rule for this? Or do i have something > mis-configured? I would appreciate any help. >
There's probably no rule for it. You can use the ossec-logtest program to help create rules for these events. Giving us log samples can also help. There is definitely a possibility for misconfiguration though. Without knowing how your systems are configured, it's hard to tell. > Thanks! > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
