<div style="line-height:1.7;color:#000000;font-size:14px;font-family:arial"> Hi all,<br><br>Today my server was attacked. After checked Nginx access log, I found logs like below:<br><br>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">116.114.17.182
- - [04/Sep/2012:20:27:41 +0800] "GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186
"-" "-" "-"</p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">
</p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">116.114.17.182
- - [04/Sep/2012:20:27:41 +0800] "GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186
"-" "-" "-"</p>
<p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">116.114.17.182
- - [04/Sep/2012:20:27:41 +0800] "GET
/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186
"-" "-" "-"</p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN"><br></p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">It seems the attacker was using some tool to attack my server. You can see that the user agent / browser version are blank.</p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">Due to I can't block the blank user agent (some web browser is using blank user agent, for example, UC), is there any way can I use to block this kind of attack?</p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN"><br></p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">Thank<br></p>
</div><br><br><span title="neteasefooter"><span id="netease_mail_footer"></span></span>