New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Getting malicious requests
PrincessOfCats
Member
Been getting a lot of these requests on my server this morning: http://codepad.co/s/613321
Looks like bots are scanning the server.
Is there any way to automatically block scans like this?
Comments
You'd spend a lot more time blocking malicious requests from a constantly changing pattern than you would making sure that there is nothing for them to find, and static caching your front page / 404 page so they have no real impact. At least, that's how I go about dealing with it.
Install CSF on your server.
I would do it like @Jar
the
80.82.70.24 - - [06/Apr/2015:10:55:28 +0000] "\x04\x01\x00P\xC0\x03\xB1\xAA0\x00" 400 166 "-" "-"
request is pretty weird, looks like x0r or some other kind of encrypted string.
It's some sort of encoding. Hexadecimal UTF-8 maybe.
Ehh guys, what about just visiting the IP @Mark_R quoted? This might answer the question what this server is doing and also how to prevent it scanning your server in the future
Lol good catch
XD great idea. I still wonder about the string though, iirc proxy scanning looks like GET someurlhere ?
I was happy being able to help you
ModSec + CSF.