how can I block the attack like this?

Jaap van Arragon j.vanarragon at lukkien.com
Tue Sep 4 13:49:21 UTC 2012


Hi,

If the user is coming from the same ip address you can block it in your
iptables or firewall.

Regards


On 9/4/12 3:45 PM, "magic.drums at gmail.com" <magic.drums at gmail.com> wrote:

> Hi,
> WAF(http://code.google.com/p/naxsi/) at possible solution?
> 
> Regards,
> 
> On Tue, Sep 4, 2012 at 10:42 AM, fhal <meteor8488 at 163.com> wrote:
>>  Hi all,
>> 
>> Today my server was attacked. After checked Nginx access log, I found logs
>> like below:
>> 
>> 
>> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
>> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>> 
>> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
>> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>> 
>> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
>> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>> 
>> 
>> 
>> It seems the attacker was using some tool to attack my server. You can see
>> that the user agent / browser version are blank.
>> 
>> Due to I can't block the blank user agent (some web browser is using blank
>> user agent, for example, UC), is there any way can I use to block this kind
>> of attack?
>> 
>> 
>> 
>> Thank
>> 
>> 
>> 
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120904/e07d50fd/attachment.html>


More information about the nginx mailing list