Software: Apache. PHP/8.3.27 

uname -a: Linux pdx1-shared-a4-04 6.6.104-grsec-jammy+ #3 SMP Tue Sep 16 00:28:11 UTC 2025 x86_64 

uid=6659440(dh_z2jmpm) gid=2086089(pg10499364) groups=2086089(pg10499364)  

Safe-mode: OFF (not secure)

/etc/modsecurity/mod_sec3_CRS/   drwxr-xr-x
Free 709.47 GB of 879.6 GB (80.66%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Self remove    Logout    

Viewing file:     999_dreamhost_request_limits.conf (5.18 KB)      -rw-r--r--

#WhiteListing common WordPress Tool UAs
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile WPtoolUA.data" "id:999000,phase:1,nolog,allow,ctl:ruleEngine=off"

#Wordpress Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/xmlrpc.php" "chain,phase:1,id:999001,nolog,auditlog,deny,msg:'More than 11 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_XMLRPC=+1,expirevar:IP.HITCOUNT_XMLRPC=60"
		SecRule IP:HITCOUNT_XMLRPC "@gt 11"


#Bruteforce Mitigation
SecRule REQUEST_FILENAME "/article_add.php" "chain,phase:1,id:999002,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_ARTICLE_ADD=+1,expirevar:IP.HITCOUNT_ARTICLE_ADD=60"
		SecRule IP:HITCOUNT_ARTICLE_ADD "@gt 3"


#Wordpress Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/wp-comments-post.php" "chain,phase:1,id:999003,nolog,auditlog,deny,msg:'More than 11 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_WP_COMMENTS=+1,expirevar:IP.HITCOUNT_WP_COMMENTS=60"
		SecRule IP:HITCOUNT_WP_COMMENTS "@gt 11"


#MoveableType Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/mt-comments.cgi" "chain,phase:1,id:999004,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_MT_COMMENTS=+1,expirevar:IP.HITCOUNT_MT_COMMENTS=60"
		SecRule IP:HITCOUNT_MT_COMMENTS "@gt 3"

#Forum Spam  Bruteforce Mitigation
SecRule REQUEST_FILENAME "/register.php" "chain,phase:2,id:999005,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule ARGS "do\=addmember" "chain"
		SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_REGISTER=+1,expirevar:IP.HITCOUNT_REGISTER=60"
			SecRule IP:HITCOUNT_REGISTER "@gt 3"

#Forum Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/ucp.php" "chain,phase:2,id:999006,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule ARGS "mode\=register" "chain"
		SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_UCP=+1,expirevar:IP.HITCOUNT_UCP=60"
			SecRule IP:HITCOUNT_UCP "@gt 3"

#Comment Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/add_comment.php" "chain,phase:1,id:999007,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_ADD_COMMENT=+1,expirevar:IP.HITCOUNT_ADD_COMMENT=60"
		SecRule IP:HITCOUNT_ADD_COMMENT "@gt 3"

#Drupal Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/register/" "chain,phase:2,id:999008,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule ARGS "q\=user/register" chain
		SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_DRUPAL_REGISTER=+1,expirevar:IP.HITCOUNT_DRUPAL_REGISTER=60"
			SecRule IP:HITCOUNT_DRUPAL_REGISTER "@gt 3"

#MediaWiki Spam Bruteforce Mitigation
SecRule REQUEST_FILENAME "/index.php" "chain,phase:2,id:999009,nolog,auditlog,deny,msg:'More than 3 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule ARGS "title\=Special\:Userlogin" "chain"
		SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_WIKI=+1,expirevar:IP.HITCOUNT_WIKI=60"
			SecRule IP:HITCOUNT_WIKI "@gt 3"


#WP-Login.php Bruteforce Mitigation
SecRule RESPONSE_STATUS "@eq 302" "chain,phase:3,t:none,nolog,setvar:IP.HITCOUNT_WP_LOGIN=0,id:999016,pass"
        SecRule REQUEST_FILENAME "/wp-login.php" "t:none,t:lowercase,chain"
                SecRule REQUEST_METHOD "@streq post"

SecRule REQUEST_FILENAME "/wp-login.php" "chain,phase:3,id:999017,t:none,nolog,allow"
        SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_WP_LOGIN=+1,expirevar:IP.HITCOUNT_WP_LOGIN=60"
                SecRule RESPONSE_STATUS "@eq 200"

SecRule IP:HITCOUNT_WP_LOGIN "@ge 5" "chain,phase:2,id:999012,nolog,auditlog,t:none,deny,msg:'More than 4 Invalid Authentication attempts to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
        SecRule REQUEST_METHOD "@streq POST" "setvar:IP.HITCOUNT_WP_LOGIN=0"

#Wordpress DDos Attack Mitigation
SecRule REQUEST_FILENAME "/load-scripts.php" "chain,phase:1,id:999013,nolog,auditlog,deny,msg:'More than 5 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
	SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_LOAD_SCRIPTS=+1,expirevar:IP.HITCOUNT_LOAD_SCRIPTS=60"
		SecRule IP:HITCOUNT_LOAD_SCRIPTS "@gt 5"

#Wordpress DDos Attack Mitigation
SecRule REQUEST_FILENAME "/load-styles.php" "chain,phase:1,id:999014,nolog,auditlog,deny,msg:'More than 5 hits to %{REQUEST_FILENAME} in 60 seconds',logdata:'%{MATCHED_VAR} requests seen'"
    SecRule REQUEST_METHOD "@streq POST" "chain,setvar:IP.HITCOUNT_LOAD_STATS=+1,expirevar:IP.HITCOUNT_LOAD_STATS=60"
	SecRule IP:HITCOUNT_LOAD_STATS "@gt 5"