Hello!
On one of my server, I do have a moodle for a customer. OSSEC is running on this server. Since the update to the latest version of moodle, I got some customers blocked by OSSEC when surfing on this moodle. Checking the log, it seems they are blocked due to high amount of POST requests on :
/lib/ajax/service.php
/lib/ajax/service-nologin.php
Are those calls normal? I got around 20 calls to those URLs in few seconds. Is that ok?
Thx in advance!