Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home Help
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Getting malicious requests

PrincessOfCatsPrincessOfCats Member
edited April 2015 in Help

Been getting a lot of these requests on my server this morning: http://codepad.co/s/613321

Looks like bots are scanning the server.

Is there any way to automatically block scans like this?

Comments

  • jarjar Patron Provider, Top Host, Veteran
    edited April 2015

    You'd spend a lot more time blocking malicious requests from a constantly changing pattern than you would making sure that there is nothing for them to find, and static caching your front page / 404 page so they have no real impact. At least, that's how I go about dealing with it.

    Thanked by 24n0nx KwiceroLTD
  • QuadraNet_AdamQuadraNet_Adam Member

    Install CSF on your server.

  • 4n0nx4n0nx Member

    I would do it like @Jar

  • jarjar Patron Provider, Top Host, Veteran

    @4n0nx said:
    I would do it like Jar

    image

    Thanked by 14n0nx
  • Mark_RMark_R Member

    the

    80.82.70.24 - - [06/Apr/2015:10:55:28 +0000] "\x04\x01\x00P\xC0\x03\xB1\xAA0\x00" 400 166 "-" "-"

    request is pretty weird, looks like x0r or some other kind of encrypted string.

  • 4n0nx4n0nx Member

    Mark_R said: request is pretty weird, looks like x0r or some other kind of encrypted string.

    It's some sort of encoding. Hexadecimal UTF-8 maybe.

  • nexusrainnexusrain Member
    edited April 2015

    Ehh guys, what about just visiting the IP @Mark_R quoted? This might answer the question what this server is doing and also how to prevent it scanning your server in the future ;)

    Thanked by 2jar PrincessOfCats
  • jarjar Patron Provider, Top Host, Veteran

    @nexusrain said:
    Ehh guys, what about just visiting the IP Mark_R quoted? This might answer the question what this server is doing and also how to prevent it scanning your server in the future ;)

    Lol good catch :D

    We are happy to honor opt-out requests from future scans

  • 4n0nx4n0nx Member

    nexusrain said: Ehh guys, what about just visiting the IP @Mark_R quoted? This might answer the question what this server is doing ;)

    XD great idea. I still wonder about the string though, iirc proxy scanning looks like GET someurlhere ?

  • nexusrainnexusrain Member

    @Jar said:
    Lol good catch :D

    I was happy being able to help you :p

  • hdpixelhdpixel Member

    ModSec + CSF.

Sign In or Register to comment.