[Oisf-users] Rules to Drop Apache attack
Mesra.net CEO
admin at mesra.my
Sat Sep 29 22:24:52 UTC 2018
Dear Suricata
I’m facing lot of attack to my Apache for example to the path /usr/local/apache/htdocs and on error_log show as:
[Sun Sep 30 05:33:40.605498 2018] [:error] [pid 25084] [client 192.144.164.246:16666] File does not exist: /usr/local/apache/htdocs/help.php
[Sun Sep 30 05:33:40.959279 2018] [:error] [pid 21760] [client 192.144.164.246:16773] File does not exist: /usr/local/apache/htdocs/tiandi.php
[Sun Sep 30 05:33:41.321576 2018] [:error] [pid 1804] [client 192.144.164.246:16864] File does not exist: /usr/local/apache/htdocs/miao.php
[Sun Sep 30 05:33:41.670767 2018] [:error] [pid 3712] [client 192.144.164.246:16931] File does not exist: /usr/local/apache/htdocs/xz.php
[Sun Sep 30 05:33:42.015335 2018] [:error] [pid 31462] [client 192.144.164.246:17003] File does not exist: /usr/local/apache/htdocs/linuxse.php
[Sun Sep 30 05:33:42.372111 2018] [:error] [pid 21759] [client 192.144.164.246:17140] File does not exist: /usr/local/apache/htdocs/zuoindex.php
[Sun Sep 30 05:33:42.718339 2018] [:error] [pid 3653] [client 192.144.164.246:17240] File does not exist: /usr/local/apache/htdocs/zshmindex.php
[Sun Sep 30 05:33:44.217790 2018] [:error] [pid 25016] [client 192.144.164.246:17415] File does not exist: /usr/local/apache/htdocs/ceshi.php
[Sun Sep 30 05:33:44.565297 2018] [:error] [pid 1669] [client 192.144.164.246:17528] File does not exist: /usr/local/apache/htdocs/boots.php
[Sun Sep 30 05:33:44.959865 2018] [:error] [pid 25084] [client 192.144.164.246:17622] File does not exist: /usr/local/apache/htdocs/she.php
So how to make a rules with that kind of attack?
Please advice. Thank you so much
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180930/31ec32e6/attachment.html>
More information about the Oisf-users
mailing list