Getting malicious requests

edited April 2015 in Help

Been getting a lot of these requests on my server this morning: http://codepad.co/s/613321

Looks like bots are scanning the server.

Is there any way to automatically block scans like this?

Comments

  • jar Patron Provider, Top Host, Veteran
    edited April 2015

    You'd spend a lot more time blocking malicious requests from a constantly changing pattern than you would making sure that there is nothing for them to find, and static caching your front page / 404 page so they have no real impact. At least, that's how I go about dealing with it.

    Thanked by 2: 4n0nx, KwiceroLTD
  • Install CSF on your server.

  • 4n0nx Member

    I would do it like @Jar

  • jar Patron Provider, Top Host, Veteran

    @4n0nx said:
    I would do it like Jar

    Thanked by 1: 4n0nx
  • the

    80.82.70.24 - - [06/Apr/2015:10:55:28 +0000] "\x04\x01\x00P\xC0\x03\xB1\xAA0\x00" 400 166 "-" "-"

    request is pretty weird, looks like x0r or some other kind of encrypted string.

  • 4n0nx Member

    Mark_R said: request is pretty weird, looks like x0r or some other kind of encrypted string.

    It's some sort of encoding. Hexadecimal UTF-8 maybe.

  • nexusrain Member
    edited April 2015

    Ehh guys, what about just visiting the IP @Mark_R quoted? This might answer the question what this server is doing and also how to prevent it scanning your server in the future ;)

    Thanked by 2: jar, PrincessOfCats
  • jar Patron Provider, Top Host, Veteran

    @nexusrain said:
    Ehh guys, what about just visiting the IP Mark_R quoted? This might answer the question what this server is doing and also how to prevent it scanning your server in the future ;)

    Lol good catch :D

    We are happy to honor opt-out requests from future scans

  • 4n0nx Member

    nexusrain said: Ehh guys, what about just visiting the IP @Mark_R quoted? This might answer the question what this server is doing ;)

    XD great idea. I still wonder about the string though, iirc proxy scanning looks like GET someurlhere ?

  • @Jar said:
    Lol good catch :D

    I was happy being able to help you :p

  • ModSec + CSF.
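
Added example, not posted by anyone in the thread: the request field in the log line quoted above is raw bytes written with `\xHH` escaping, and once unescaped those bytes parse as a SOCKS4 request, which matches the proxy scanning raised in the discussion. The sketch assumes nginx-style escaping (exactly two hex digits per escape); the function names are made up for illustration.

```python
import ipaddress
import re

# The access-log line quoted in the thread, unchanged.
SAMPLE = r'80.82.70.24 - - [06/Apr/2015:10:55:28 +0000] "\x04\x01\x00P\xC0\x03\xB1\xAA0\x00" 400 166 "-" "-"'

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
ESC_RE = re.compile(rb'\\x([0-9A-Fa-f]{2})')

def unescape(field: str) -> bytes:
    """Turn the logged \\xHH escapes back into the bytes the client sent."""
    return ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]),
                      field.encode('latin-1'))

def parse_socks4(raw: bytes):
    """Return the SOCKS4 fields if raw is a well-formed request, else None."""
    # Layout: VN(1)=4, CD(1), DSTPORT(2), DSTIP(4), USERID..., NUL
    if len(raw) < 9 or raw[0] != 0x04 or raw[1] not in (1, 2):
        return None
    end = raw.find(b'\x00', 8)          # USERID is NUL-terminated
    if end == -1:
        return None
    return {
        'command': 'CONNECT' if raw[1] == 1 else 'BIND',
        'dst_port': int.from_bytes(raw[2:4], 'big'),
        'dst_ip': str(ipaddress.IPv4Address(raw[4:8])),
        'userid': raw[8:end].decode('latin-1'),
    }

def classify(line: str):
    """Label one access-log line as http, socks4-probe or non-http."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = unescape(m.group(2))
    socks = parse_socks4(raw)
    if socks:
        kind = 'socks4-probe'
    elif re.match(rb'^[A-Z]+ \S+ HTTP/\d\.\d$', raw):
        kind = 'http'
    else:
        kind = 'non-http'
    return {'client': m.group(1), 'status': int(m.group(3)),
            'kind': kind, 'socks4': socks}

if __name__ == '__main__':
    print(classify(SAMPLE))
```

A web server answers such a request with 400, as in the quoted line, so counting `socks4-probe` and `non-http` hits per client address is enough to see how much of the noise is proxy scanning.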
