0 
[Sat Jun 22 13:07:06 2013] [error] [client 208.80.194.26] File does not exist: /[removed]/2370604C4AB20069B35E9844BE72140307F553D33124FF9D0C91F136B307F81C1A998310533A1A8526DF06BBE8D5FEB5A0375FE33BFFDE5B237E4C8B95606331082E5E60D709B5DD318F4BDE3374

I'm seeing file requests like this every now and again in Apache's log, always with randomized filenames, and notice the odd hack attempt that's blocked by my security. Should I just block IPs myself, or is there an easier automated way? Cronjob of some sort perhaps? Or is there something else I should be doing? I can't seem to find anything about this through Google.

Improve this question

1 Answer 1

Reset to default
3

The reality is that these "attacks" are mostly just robots crawling the web looking for a specific webpage, or following links. If you have a "robots.txt" file and you expect that to stop them, it won't. If you are trying to reduce the consumption on traffic, then I have some suggestions below. If you only care about having your website accessed in your country, then you can use iptables and block all requests except from the IPv4 addresses allocated to your country. Find your country's registrar here.

If you want to protect your server, there is a few things you can do. First is use fail2ban. Set it up so that on certain attacks, it will automatically block the ip. You should also use ModSecurity for Apache's httpd. If you have the power on the system, I suggest an IDS; I recommend Suricata.

You could use a cronjob to grab the latest blacklist from the provider of your choice and create iptable rules for them...but that will slow down your connection a bit when you have a LOT of rules. (FYI, if you use an IDS, it will take care of the blacklists for you and will be faster).

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.