how can I block the attack like this?
magic.drums at gmail.com
magic.drums at gmail.com
Tue Sep 4 14:14:57 UTC 2012
what I see is that you want to block XSS attacks and code injection, that
is why I recommend a WAF
Regards,
On Tue, Sep 4, 2012 at 10:49 AM, Jaap van Arragon
<j.vanarragon at lukkien.com>wrote:
> Hi,
>
> If the user is coming from the same ip address you can block it in your
> iptables or firewall.
>
> Regards
>
>
>
> On 9/4/12 3:45 PM, "magic.drums at gmail.com" <magic.drums at gmail.com> wrote:
>
> Hi,
> WAF(http://code.google.com/p/naxsi/) at possible solution?
>
> Regards,
>
> On Tue, Sep 4, 2012 at 10:42 AM, fhal <meteor8488 at 163.com> wrote:
>
> Hi all,
>
> Today my server was attacked. After checked Nginx access log, I found logs
> like below:
>
>
> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>
> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>
> 116.114.17.182 - - [04/Sep/2012:20:27:41 +0800] "GET
> /member.php??username=xxxx&rndnum=-1777927191 HTTP/1.1" 500 186 "-" "-" "-"
>
>
>
> It seems the attacker was using some tool to attack my server. You can see
> that the user agent / browser version are blank.
>
> Due to I can't block the blank user agent (some web browser is using blank
> user agent, for example, UC), is there any way can I use to block this kind
> of attack?
>
>
>
> Thank
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
--
Victor Pereira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120904/3c9de1b3/attachment-0001.html>
More information about the nginx
mailing list