how can I block the attack like this?

magic.drums at gmail.com magic.drums at gmail.com
Wed Sep 5 01:47:52 UTC 2012


I see that the documentation says it works only with older versions of
nginx and according to what I see in the installation manual can be
compiled with any version of nginx
On Sep 4, 2012 9:49 PM, "fhal" <meteor8488 at 163.com> wrote:

> Thanks .
> But it seems WAF can only support nginx which version is lower than 1.2.0.
>
>
> At 2012-09-04 22:14:57,"magic.drums at gmail.com" <magic.drums at gmail.com>
> wrote:
>
> what I see is that you want to block XSS attacks and code injection, that
> is why I recommend a WAF
>
> Regards,
>
> On Tue, Sep 4, 2012 at 10:49 AM, Jaap van Arragon <
> j.vanarragon at lukkien.com> wrote:
>
>>  Hi,
>>
>> If the user is coming from the same ip address you can block it in your
>> iptables or firewall.
>>
>> Regards
>>
>>
>>
>> On 9/4/12 3:45 PM, "magic.drums at gmail.com" <magic.drums at gmail.com> wrote:
>>
>> Hi,
>> WAF(http://code.google.com/p/naxsi/) at possible solution?
>>
>> Regards,
>>
>> On Tue, Sep 4, 2012 at 10:42 AM, fhal <meteor8488 at 163.com> wrote:
>>
>>  Hi all,
>>
>> Today my server was attacked. After checked Nginx access log, I found
>> logs like below:
>>
>>
>> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
>> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>>
>> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
>> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>>
>> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
>> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>>
>>
>>
>> It seems the attacker was using some tool to attack my server. You can
>> see that the user agent / browser version are blank.
>>
>> Due to I can't block the blank user agent (some web browser is using
>> blank user agent, for example, UC), is there any way can I use to block
>> this kind of attack?
>>
>>
>>
>> Thank
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
>
> --
> Victor Pereira
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120904/453f7ccb/attachment-0001.html>


More information about the nginx mailing list