how can I block the attack like this?

fhal meteor8488 at 163.com
Wed Sep 5 00:48:43 UTC 2012


Thanks.
But it seems the WAF only supports nginx versions lower than 1.2.0.



At 2012-09-04 22:14:57,"magic.drums at gmail.com" <magic.drums at gmail.com> wrote:

What I see is that you want to block XSS attacks and code injection, which is why I recommend a WAF.


Regards,


On Tue, Sep 4, 2012 at 10:49 AM, Jaap van Arragon <j.vanarragon at lukkien.com> wrote:

Hi,

If the user is coming from the same IP address, you can block it in your iptables or firewall.

Regards



On 9/4/12 3:45 PM, "magic.drums at gmail.com" <magic.drums at gmail.com> wrote:


Hi,
A WAF (http://code.google.com/p/naxsi/) as a possible solution?

Regards,

On Tue, Sep 4, 2012 at 10:42 AM, fhal <meteor8488 at 163.com> wrote:
 Hi all,

Today my server was attacked. After checking the Nginx access log, I found logs like the ones below:


116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"

116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"

116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"



It seems the attacker was using some tool to attack my server. You can see that the user agent / browser version is blank.

Since I can't block the blank user agent (some web browsers use a blank user agent, for example, UC), is there any way I can block this kind of attack?



Thanks



_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx










--

Victor Pereira
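
Added example, not part of the original thread: since a blank user agent alone cannot be blocked, one option is to flag only the addresses that send a burst of blank-user-agent requests within a single second and hand those to the firewall, as suggested above. The function name, the threshold and the 192.0.2.x / 203.0.113.x sample lines are assumptions constructed for illustration; the field order assumes nginx's combined log format plus one extra trailing field.

```python
import re
from collections import Counter

# Sample log: the first three lines are the ones quoted in the thread,
# the remaining lines are constructed to show clients that must NOT be flagged.
SAMPLE_LOG = r'''
116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
192.0.2.10 - - [04/Sep/2012:20:27:41 +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "-" "-"
192.0.2.10 - - [04/Sep/2012:20:27:55 +0800] "GET /forum.php HTTP/1.1" 200 7311 "-" "-" "-"
203.0.113.5 - - [04/Sep/2012:20:27:42 +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"
203.0.113.5 - - [04/Sep/2012:20:27:42 +0800] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0" "-"
203.0.113.5 - - [04/Sep/2012:20:27:42 +0800] "GET /logo.png HTTP/1.1" 200 3000 "-" "Mozilla/5.0" "-"
'''

# ip, ident, user, [timestamp], "request", status, bytes, "referer", "user agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

def find_burst_sources(log_text, max_per_second=2):
    """Return {ip: peak} for IPs whose blank-user-agent requests exceed
    max_per_second within any single second (hypothetical threshold)."""
    per_ip_second = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or unparseable lines
        if m["ua"] not in ("", "-"):
            continue  # a user agent was sent; this heuristic ignores it
        # The timestamp has one-second resolution, so it is the bucket key.
        per_ip_second[(m["ip"], m["ts"])] += 1

    peaks = {}
    for (ip, _second), count in per_ip_second.items():
        if count > max_per_second:
            peaks[ip] = max(peaks.get(ip, 0), count)
    return peaks

if __name__ == "__main__":
    for ip, peak in find_burst_sources(SAMPLE_LOG).items():
        print(f"{ip}: {peak} blank-user-agent requests in one second")
```

The blank-user-agent client at 192.0.2.10 stays unflagged because it never exceeds the per-second threshold, which is the case the original poster was worried about.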

