Re: Apache in under attack.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

How to find pattern:
Look at log.
Find bad things that are similar.

Then:
Block bad things from reaching web server.

On Mon, Jan 11, 2021 at 6:49 PM Jason Long <hack3rcon@xxxxxxxxx.invalid> wrote:
How to find pattern?
Log show me: https://paste.ubuntu.com/p/MjjVMvRrQc/






On Tuesday, January 12, 2021, 03:06:12 AM GMT+3:30, Filipe Cifali <cifali.filipe@xxxxxxxxx> wrote:





Yeah it's probably not going to matter if you don't know what's attacking you before setting up the rules, you need to find the patterns, either the attack target or the attackers origins.

On Mon, Jan 11, 2021 at 8:26 PM Jason Long <hack3rcon@xxxxxxxxx.invalid> wrote:
> I used a rule like:
>
> # firewall-cmd --permanent --zone="public" --add-rich-rule='rule port port="80" protocol="tcp" accept limit value="100/s" log prefix="HttpsLimit" level="warning" limit value="100/s"'
>
> But not matter.
>
>
>
>
>
>
> On Tuesday, January 12, 2021, 02:47:01 AM GMT+3:30, Filipe Cifali <cifali.filipe@xxxxxxxxx> wrote:
>
>
>
>
>
> You need to investigate your logs and find common patterns there, also there are different tools to handle small and big workloads like you could use iptables/nftables to block based on patterns and number of requests.
>
> On Mon, Jan 11, 2021 at 8:06 PM Jason Long <hack3rcon@xxxxxxxxx.invalid> wrote:
>> Hello,
>> On a CentOS web server with Apache, someone make a lot of request and it make slowing server. when I disable "httpd" service then problem solve. How can I find who made a lot of request?
>> [url]https://imgur.com/O33g3ql[/url]
>> Any idea to solve it?
>>
>>
>> Thank you.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>>
>
>
> --
> [ ]'s
>
> Filipe Cifali Stangler
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>


--
[ ]'s

Filipe Cifali Stangler


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux