How can I block the attack like this?

Hi all,

Today my server was attacked. After checked Nginx access log, I found
logs like below:

116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] “GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1” 500 186 “-” “-”
“-”

116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] “GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1” 500 186 “-” “-”
“-”

116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] “GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1” 500 186 “-” “-”
“-”

It seems the attacker was using some tool to attack my server. You can
see that the user agent / browser version are blank.

Due to I can’t block the blank user agent (some web browser is using
blank user agent, for example, UC), is there any way can I use to block
this kind of attack?

Thank

Hi,
WAF(http://code.google.com/p/naxsi/) at possible solution?

Regards,

Hi,

If the user is coming from the same ip address you can block it in your
iptables or firewall.

Regards

what I see is that you want to block XSS attacks and code injection,
that
is why I recommend a WAF

Regards,

On Tue, Sep 4, 2012 at 10:49 AM, Jaap van Arragon

Thanks .
But it seems WAF can only support nginx which version is lower than
1.2.0.

At 2012-09-04 22:14:57,“[email protected][email protected]
wrote:

what I see is that you want to block XSS attacks and code injection,
that is why I recommend a WAF

Regards,

On Tue, Sep 4, 2012 at 10:49 AM, Jaap van Arragon
[email protected] wrote:

Hi,

If the user is coming from the same ip address you can block it in your
iptables or firewall.

Regards

On 9/4/12 3:45 PM, “[email protected][email protected]
wrote:

Hi,
WAF(http://code.google.com/p/naxsi/) at possible solution?

Regards,

On Tue, Sep 4, 2012 at 10:42 AM, fhal [email protected] wrote:
Hi all,

Today my server was attacked. After checked Nginx access log, I found
logs like below:

116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] “GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1” 500 186 “-” “-”
“-”

116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] “GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1” 500 186 “-” “-”
“-”

116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] “GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1” 500 186 “-” “-”
“-”

It seems the attacker was using some tool to attack my server. You can
see that the user agent / browser version are blank.

Due to I can’t block the blank user agent (some web browser is using
blank user agent, for example, UC), is there any way can I use to block
this kind of attack?

Thank


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx

Victor Pereira

Try the limit_conn moule:
http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html.

Or the limit_req module:
http://nginx.org/en/docs/http/ngx_http_limit_req_module.html.

2012/9/5 [email protected] [email protected]:

I see that the documentation says it works only with older versions of
nginx and according to what I see in the installation manual can be
compiled with any version of nginx

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs