How can I block an attack like this?

fhal meteor8488 at 163.com
Tue Sep 4 13:42:00 UTC 2012


 Hi all,

Today my server was attacked. After checking the Nginx access log, I found logs like the ones below:



116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"

116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"

116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"




It seems the attacker was using some tool to attack my server. You can see that the user agent / browser version are blank.

Since I can't block the blank user agent (some web browsers use a blank user agent, for example, UC), is there any way I can block this kind of attack?




Thanks
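
The following Python example is added here and is not part of the original post. It flags clients by the repetition visible in the log excerpt (same IP, same second, same request) instead of by the blank user agent, so a browser that sends no user agent is not caught. The log layout is inferred from the lines quoted above; the threshold of 3 and the entries for 192.0.2.10 and 198.51.100.7 are constructed assumptions.

```python
import re
from collections import Counter

# Assumed layout, inferred from the quoted lines: nginx "combined" format
# followed by one extra quoted field. "-" is how nginx logs an empty value.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \d+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# First three lines are from the post; the last three are constructed.
SAMPLE = [
    '116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"',
    '116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"',
    '116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"',
    # Constructed: a legitimate client with a blank user agent, one request.
    '192.0.2.10 - - [04/Sep/2012:20:27:41 +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "-" "-"',
    # Constructed: an ordinary browser making two different requests.
    '198.51.100.7 - - [04/Sep/2012:20:27:41 +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"',
    '198.51.100.7 - - [04/Sep/2012:20:27:41 +0800] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0" "-"',
]


def find_bursts(lines, threshold=3):
    """Return {(ip, second, request): count} for identical requests that one
    client repeated at least `threshold` times within the same log second."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines that do not follow the assumed layout
        hits[(m["ip"], m["ts"], m["req"])] += 1
    return {key: n for key, n in hits.items() if n >= threshold}


def offending_ips(lines, threshold=3):
    """Sorted list of client addresses that produced at least one burst."""
    return sorted({ip for ip, _, _ in find_bursts(lines, threshold)})


if __name__ == "__main__":
    for (ip, second, request), count in find_bursts(SAMPLE).items():
        print(f"{ip} sent {count}x {request!r} at {second}")
```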