Barracuda RBL download anywhere or other comparable?

Post Reply
consultant
Junior Member
Posts: 25
Joined: 24 Aug 2016, 04:49

Barracuda RBL download anywhere or other comparable?

Post by consultant »

I had an application level attack on a Wordpress site that brought the server to its knees. First time I've had this happen ever running about a half dozen small business websites. Configserver is loading multiple RBLs like FIREHOL, etc. I did a blacklist search and out of like 60 lists the IP only showed up on the Barracuda RBL. However the link to the actual RBL gives a 403 error. https://barracudacentral.org/rbl

The offending IP was 134.17.137.91

If I can't add the Barracuda RBL to configserver, what are my other best options? I'm not sure if the Wordfence plugin blacklist has the IP on it as I don't want to pay for premium Wordfence when I can use configserver.

I don't think these attacks can be blocked in realtime as any plugin would have a hard time determining if it's a legitimate bot scraping the site or not. Seems like it would have to be able to monitor the number of open PHP processes being spawned by a single user connection?
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: Barracuda RBL download anywhere or other comparable?

Post by Sergio »

Are you using ModSecurity?
Does ModSecurity gives you the rule number that the offending IPs are triggering?
If so, then you can block the attacks in realtime creating your own CSF rules.

Sergio
Post Reply