
<div dir="ltr">Hi,<div>WAF(<a href="http://code.google.com/p/naxsi/">http://code.google.com/p/naxsi/</a>) at possible solution?</div><div><br></div><div>Regards,<br><br><div class="gmail_quote">On Tue, Sep 4, 2012 at 10:42 AM, fhal <span dir="ltr"><<a href="mailto:meteor8488@163.com" target="_blank">meteor8488@163.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;font-size:14px;font-family:arial"> Hi all,<br><br>Today my server was attacked. After checked Nginx access log, I found logs like below:<br>

<br>


<p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">116.114.17.182

- - [04/Sep/2012:20:27:41 +0800] "GET

/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186

"-" "-" "-"</p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">


</p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">116.114.17.182

- - [04/Sep/2012:20:27:41 +0800] "GET

/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186

"-" "-" "-"</p>


<p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">116.114.17.182

- - [04/Sep/2012:20:27:41 +0800] "GET

/member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186

"-" "-" "-"</p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN"><br></p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">It seems the attacker was using some tool to attack my server. You can see that the user agent / browser version are blank.</p>

<p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">Due to I can't block the blank user agent (some web browser is using blank user agent, for example, UC), is there any way can I use to block this kind of attack?</p>

<p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN"><br></p><p style="margin:0in;font-family:Calibri;font-size:11.0pt" lang="zh-CN">Thank<br></p>


</div><br><br><span title="neteasefooter"><span></span></span><br>_______________________________________________<br>

nginx mailing list<br>

<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>

<a href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Victor Pereira<br>

</div><br>

</div></div>