[mod-security-users] R: stop post attack..
Brought to you by:
victorhora,
zimmerletw
From: Webstyler.it <in...@we...> - 2010-03-03 17:20:45
|
Hello Ivan IP still change Is a good idea to ban ? thanks -----Messaggio originale----- Da: Ivan Ristic [mailto:iva...@gm...] Inviato: mercoledì 3 marzo 2010 17.58 A: Webstyler.it Cc: mod...@li... Oggetto: Re: [mod-security-users] stop post attack.. On Wed, Mar 3, 2010 at 3:58 PM, Webstyler.it <in...@we...> wrote: > Hi > > many process httpd with high cpu usage > > all to one specify server account with > > POST /images/yahoo/index.php HTTP/1.1 > > We have check but not exist dir yahoo under /images of these user.. > > Could we stop this with specify mod_security rules ? > > We know the account (or domain) attacked > > Server run with linux centos, apache 2, whm/cpanel, php5, mysql5 My advice would be to have a ModSecurity rule to record the IP addresses performing the POST. You should then use the list to create a blacklist in IP tables. You can also use the blacklist tool (from http://www.apachesecurity.net/tools/) and have ModSecurity use it directly. > thanks > > __________ Informazioni da ESET NOD32 Antivirus, versione del database delle > firme digitali 4912 (20100303) __________ > > Il messaggio è stato controllato da ESET NOD32 Antivirus. > > www.nod32.it > > ---------------------------------------------------------------------------- -- > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Appliances, Rule Sets and Support: > http://www.modsecurity.org/breach/index.html > > -- Ivan Ristic ModSecurity Handbook [http://www.modsecurityhandbook.com] SSL Labs [https://www.ssllabs.com/ssldb/] __________ Informazioni da ESET NOD32 Antivirus, versione del database delle firme digitali 4912 (20100303) __________ Il messaggio è stato controllato da ESET NOD32 Antivirus. www.nod32.it __________ Informazioni da ESET NOD32 Antivirus, versione del database delle firme digitali 4912 (20100303) __________ Il messaggio è stato controllato da ESET NOD32 Antivirus. www.nod32.it |