store | blogs | forums | twitter | facebook | wiki | mailing lists | downloads | support portal
Atomic Secure Linux
It is currently Wed Apr 16, 2014 2:15 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: Apache log entries - Rule required
Unread postPosted: Tue Oct 05, 2010 6:43 am 
Offline
New Forum User
New Forum User

Joined: Tue Oct 05, 2010 4:44 am
Posts: 1
I need a rule to block the following Apache log entries,

We are running Plesk 8.6 + Centos and ASL
Plesk calculated the below log entries as http outgoing traffic and the domain ended up with a 16TB traffic total for the month :shock:

Please assist with a rule to stop Apache logging these entries, or is their perhaps a better way of avoiding these types of DDOS attacks.

Thanks

41.133.74.226 - - [27/Sep/2010:13:57:41 +0200] "GET /product_images/inter.jpg HTTP/1.1" 200 10179 "http:/specials.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; 9986066903; update/02025; 666604582703; 978806703; 89770703; 979904903; 96690603; 7879067903; 887806903; 896702903; 669601803; 98670903; 87690703; 698903577703; 78690803; 899702903; 96690974603; 88980703; 8878000703; 8769060903; 889808197903; 99660803; 969906874703; 98870603; 9887007903; 66860162703; 889802638703; 877907777703; 8977069703; 899702829703; 8878055703; 698902688903; 877900454903; 9996089803; 668606803; 96790160803; 88980903; 968902903; 7978038603; 999609804903; 876900140603; 8799027603; 979800912903; 78790803; 9768058903; 999608903; 9669093603; 977805070903; 99760376603; 7968017903; 88980603; 7899046803; 79980803; 979903955903; 89870886803; 97780703; 888808903; 7968080603; 9689076903; 98870961603; 79680703; 99960739703; 78990703; 89670803; 66960603; 9798058703; 9669058703; 9689043903; 788901603; 99960215703; 88780823903; 97680262603; 989706803; 78990075703; 69990487903; 97790603; 9689068703; 9966037603; 87890603; 9768049803; 799807998903; 797808729603; 969905603; 96890803; 789905954603; 9887005903; 66660981703; 987700903; 989708603; 987701603; 97980093903; 669604632803; 889807930903; 968903703; 977902803; 878900158603; 9689067703; 98770518803; 9689080903; 667604743703; 96690563803; 799808903; 9799052803; 787903799703; 98870703; 8967089703; 96690873903; 977809703; 979909108803; 696903903; 98870652703; 88680903; 978905306603; 669606503703; 996603903; 999605043903; 9788039803; 9699028903; 79780226603; 9769075903; 696903803; 9976031903; 789906479903; 87990731803; 798801807903; 889802521703; 89870301603; 997601955903; 9976065603; 977909409703; 967907115903; 79680903; 697904803; 98870132603; 89770603; 9768070703; 879906730803; 96690903; 668602603; 78690903; 78790234803; 9699083903; 876909753903; 668609299803; 89670353703; 69890175603; 8878089903; 987700703; 6666016903; 667600803; 976906603; 97690903; 977906903; 99860603; 99660603; 667601603; 66960074803; 988701704803; 896708866603; 698900703; 7998060803; 996604703903; 9996031803; 6676042703; 976802903; 78890903; 97890862803; 9799058603; 979907603; 798802805903; 8967008703; 878909803; 7889078803; 976908903; 8779015703; 9799041703; 9887058603; 787906881603; 79880987903; 898704603; 66860803; 87990767803; 69890803; 97890076703; 888801803; 7869001903; 79680269603; 69790803; 979908903; 87990803; 667604098903; 97990174603; 79980603; 96690751703; 8779045803; 9897033803; 8868005803; 66660603; 9788075703; 877906703; 789905318803; 69690803; 99760376703; 966908803; 97880603; 6666047903; 987705603; 878901952703; 978906533703; 87890049903; 969905734603; 88880079803; 997600409603; 789901603; 97780763703; 69790102603; 878906216903; 6979083703; 87790603; 98870906803; 79880099803; 976907389703; 998609279703; 98870318903; 9689092803; 799805603; 9986099803; 7988097603; 897709627703; 69790525803; 66960803; 97990703; 699903721603; 9798033603; 78690172803; 97990903; 997608603; 97890535703; 8769060803; 979809992703; 8967055803; 9986070603; 97880382703; 989706227703; 967904680603; 979901802803; 97890465903; 99660093803; 787909229703; 667600603; 876905603; 787901603; 666602803; 9996042903; 9679028603; 878903011703; 999609162903; 69690903; 97680573803; 69890603; 6969084803; 8967061703; 97680603; 7968078603; 898706362703; 8799000903; 788907803; 877902903; 698900213703; 888804803; 799802903; 9768004803; 899707486603; 897705703; 786904603; 7998093803; 78790980803; 888808204603; 978900603; 97790754803; 98870803; 6696050603; 7899042803; 9877029603; 698907223703; 66760872703; 987704603; 9789094903; 97980803; 87990281603; 89770072703; 98970603; 7869039603; 98770703; 6696053703; 9887009803; 977809089603; 88880903; 97780549603; 98670603; 8898090903; 97990843703; 977808097803; 6676054903; 97780903; 979806603; 988708903; 69890786903; 9779019603; 887805903; 877907126803; 9867087803; 888802688603; 996604603; 69890523703; 8799096903; 976904014703; 96790195703; 97990239


Top
 Profile  
 
 Post subject: Re: Apache log entries - Rule required
Unread postPosted: Tue Oct 05, 2010 12:11 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3545
Location: Chantilly, VA
SecRule REQUEST_HEADERS:User-Agent "mozilla/4\.0 \(compatible; msie 8.0; windows nt 5\.1.*([0-9]+; ){300,}" \
"id:999999,rev:1,severity:2,msg:'Custom Local Rule: Blocked UserAgent'"

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Apache log entries - Rule required
Unread postPosted: Sat Oct 30, 2010 5:05 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3545
Location: Chantilly, VA
As a followup, we added rules in for this to the Atomicorp rules on that day - so if you are running the Real Time rules you are protected from this.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group