Post attack

Post Reply
vmicovic
Junior Member
Posts: 25
Joined: 25 Oct 2007, 12:50

Post attack

Post by vmicovic »

Hello,

i get post attack on one website:
174.124.254.155 - - [30/Jul/2014:11:07:33 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
130.0.155.49 - - [30/Jul/2014:11:07:34 +0100] "POST / HTTP/1.0" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
122.179.163.63 - - [30/Jul/2014:11:07:34 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
95.7.18.120 - - [30/Jul/2014:11:07:36 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
93.156.156.128 - - [30/Jul/2014:11:07:37 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
122.179.163.63 - - [30/Jul/2014:11:07:37 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
79.174.248.129 - - [30/Jul/2014:11:07:39 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
2.37.87.148 - - [30/Jul/2014:11:07:42 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
180.249.140.233 - - [30/Jul/2014:11:07:42 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
210.212.213.228 - - [30/Jul/2014:11:07:45 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
114.146.104.44 - - [30/Jul/2014:11:07:46 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
71.50.116.151 - - [30/Jul/2014:11:07:47 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
93.42.84.179 - - [30/Jul/2014:11:07:47 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
188.247.77.56 - - [30/Jul/2014:11:07:49 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
122.179.163.63 - - [30/Jul/2014:11:07:49 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
213.149.18.191 - - [30/Jul/2014:11:07:50 +0100] "POST / HTTP/1.1" 302 204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
and have many more IP`s.
I made workaround with htaccess:

Code: Select all

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} "MSIE 6.0"
RewriteRule ^(.*)$ http://127.0.0.1:445$1 [R,L]

But problem is that attack is there 2 days...
Is there option to automatic block those post attacks with csf?
(something like, more than 3 post from same IP, to block)


thank you.
Top
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: Post attack

Post by Sergio »

yes, you can create a regex an add it to the regex.custom.pm file in your CSF, check the readme file.

Check the sticky to see some regex rules and use them as examples to create yours.
Top
Post Reply

Return to “General Discussion (csf)”