<HTML>
<HEAD>
<TITLE>Re: how can I block the attack like this?</TITLE>
</HEAD>
<BODY>
<FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Hi,<BR>
<BR>
If the user is coming from the same ip address you can block it in your iptables or firewall.<BR>
<BR>
Regards<BR>
<BR>
<BR>
On 9/4/12 3:45 PM, "<a href="magic.drums@gmail.com">magic.drums@gmail.com</a>" <<a href="magic.drums@gmail.com">magic.drums@gmail.com</a>> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Hi,<BR>
WAF(<a href="http://code.google.com/p/naxsi/">http://code.google.com/p/naxsi/</a>) at possible solution?<BR>
<BR>
Regards,<BR>
<BR>
On Tue, Sep 4, 2012 at 10:42 AM, fhal <<a href="meteor8488@163.com">meteor8488@163.com</a>> wrote:<BR>
</SPAN></FONT><BLOCKQUOTE><SPAN STYLE='font-size:11pt'><FONT FACE="Arial"> Hi all,<BR>
<BR>
Today my server was attacked. After checked Nginx access log, I found logs like below:<BR>
<BR>
<BR>
</FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial">116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"<BR>
</FONT><FONT FACE="Arial"><BR>
</FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial">116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"<BR>
</FONT><FONT FACE="Arial"><BR>
</FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial">116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"<BR>
</FONT><FONT FACE="Arial"><BR>
</FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial"><BR>
</FONT><FONT FACE="Arial"><BR>
</FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial">It seems the attacker was using some tool to attack my server. You can see that the user agent / browser version are blank.<BR>
</FONT><FONT FACE="Arial"><BR>
</FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial">Due to I can't block the blank user agent (some web browser is using blank user agent, for example, UC), is there any way can I use to block this kind of attack?<BR>
</FONT><FONT FACE="Arial"><BR>
</FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial"><BR>
</FONT><FONT FACE="Arial"><BR>
</FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial">Thank<BR>
<BR>
<BR>
<BR>
_______________________________________________<BR>
nginx mailing list<BR>
<a href="nginx@nginx.org">nginx@nginx.org</a><BR>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a><BR>
</FONT></SPAN></BLOCKQUOTE><SPAN STYLE='font-size:11pt'><FONT FACE="Calibri, Verdana, Helvetica, Arial"><BR>
<BR>
</FONT></SPAN></BLOCKQUOTE>
</BODY>
</HTML>