[mod-security-users] Bad User-Agents?
Brought to you by:
victorhora,
zimmerletw
From: Albert E. W. <aewhale@ABS-CompTech.com> - 2008-12-28 17:52:25
|
Has anyone setup a rule for Bad User-Agents? This looks like a prime example in my book. 72.20.2.106 - - [28/Dec/2008:11:39:02 -0500] "GET /user/soapCaller.bs HTTP/1.1" 400 941 "-" "Morfeus Fucking Scanner" 72.20.2.106 - - [28/Dec/2008:11:39:02 -0500] "GET /user/soapCaller.bs HTTP/1.1" 400 941 "-" "Morfeus Fucking Scanner" 72.20.2.106 - - [28/Dec/2008:11:39:02 -0500] "GET /user/soapCaller.bs HTTP/1.1" 400 941 "-" "Morfeus Fucking Scanner" I think that I'll just actually employ a permanent block for these guys. host 72.20.2.106 106.2.20.72.in-addr.arpa domain name pointer Eternal.Dark-Solutions.Com. Their web server is not connecting. Anyone surprised by this? -- Albert E. Whale, CHS CISA CISSP Sr. Security, Network and Systems Consultant ------------------------------------------------------------------------ ABS Computer Technology, Inc. <http://www.ABS-CompTech.com> - Email, Internet and Security Consultants |