Re: [mod-security-users] political web site attacked
From: Ivan R. <iv...@we...> - 2005-03-22 08:08:26
Peter van Summeren wrote:
> Hello,
> this night a political web site in the Netherlands was attacked.
>
> I would like to know what can be done with mod-security and how it
> should be implemented.

I assume the web site is being subjected to a Denial of Service
attack? As a rule of thumb, the only effective defense against
DoS can be implemented on the firewall level before it even
reaches Apache. The real question is how do you find out the
IP addresses the attackers are coming from? Ideally you would
put an automated process in place, to send the IP addresses to
your firewall.

You need to tell us more about the problem:

1. How is the web server being attacked?
2. Is it a network-based attack (TCP or UDP packets) or
   an HTTP-based attack (e.g. against Apache or an application
   running on the server)?
3. Can you determine the attacking IP addresses from the
   logs?

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
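
One way to approach question 3 and the "send the IP addresses to your firewall" step, as an added example that is not part of the original message or of ModSecurity: a sliding-window count of requests per client over an Apache access log, rendered as firewall rules for review. The function names, thresholds and the choice of iptables are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Client address and timestamp from an Apache common/combined log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def sample_log():
    """Constructed log lines (documentation-range addresses), not real traffic."""
    fmt = '{} - - [22/Mar/2005:03:10:{:02d} +0100] "GET / HTTP/1.0" 200 512'
    lines = [fmt.format("203.0.113.7", s) for s in range(8)]        # burst
    lines += [fmt.format("198.51.100.4", s) for s in (0, 20, 40)]   # normal visitor
    lines += [fmt.format("not-an-ip", 5), "garbage line"]           # must be ignored
    return lines

def find_flooders(lines, max_requests=5, window=timedelta(seconds=10)):
    """Return {ip: peak request count} for clients exceeding max_requests per window."""
    recent, peaks = defaultdict(deque), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            # Validate both fields: the first one can be a hostname, and the
            # value ends up in a firewall command, so only real addresses pass.
            ip = str(ipaddress.ip_address(m.group(1)))
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop requests that fell out of the window
            q.popleft()
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def firewall_rules(peaks):
    """Render one DROP rule per offender, worst first, for review before applying."""
    rules = []
    for ip in sorted(peaks, key=peaks.get, reverse=True):
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        rules.append(f"{tool} -I INPUT -s {ip} -j DROP")
    return rules

if __name__ == "__main__":
    for rule in firewall_rules(find_flooders(sample_log())):
        print(rule)
```

The script only prints the rules; a shared proxy or NAT gateway can exceed any per-address threshold, so review the list before loading it into the firewall.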