[Oisf-users] Rules to Drop Apache attack

Mesra.net CEO admin at mesra.my
Sat Sep 29 22:24:52 UTC 2018


Dear Suricata


I’m facing a lot of attacks on my Apache, for example to the path /usr/local/apache/htdocs, and the error_log shows:

[Sun Sep 30 05:33:40.605498 2018] [:error] [pid 25084] [client 192.144.164.246:16666] File does not exist: /usr/local/apache/htdocs/help.php
[Sun Sep 30 05:33:40.959279 2018] [:error] [pid 21760] [client 192.144.164.246:16773] File does not exist: /usr/local/apache/htdocs/tiandi.php
[Sun Sep 30 05:33:41.321576 2018] [:error] [pid 1804] [client 192.144.164.246:16864] File does not exist: /usr/local/apache/htdocs/miao.php
[Sun Sep 30 05:33:41.670767 2018] [:error] [pid 3712] [client 192.144.164.246:16931] File does not exist: /usr/local/apache/htdocs/xz.php
[Sun Sep 30 05:33:42.015335 2018] [:error] [pid 31462] [client 192.144.164.246:17003] File does not exist: /usr/local/apache/htdocs/linuxse.php
[Sun Sep 30 05:33:42.372111 2018] [:error] [pid 21759] [client 192.144.164.246:17140] File does not exist: /usr/local/apache/htdocs/zuoindex.php
[Sun Sep 30 05:33:42.718339 2018] [:error] [pid 3653] [client 192.144.164.246:17240] File does not exist: /usr/local/apache/htdocs/zshmindex.php
[Sun Sep 30 05:33:44.217790 2018] [:error] [pid 25016] [client 192.144.164.246:17415] File does not exist: /usr/local/apache/htdocs/ceshi.php
[Sun Sep 30 05:33:44.565297 2018] [:error] [pid 1669] [client 192.144.164.246:17528] File does not exist: /usr/local/apache/htdocs/boots.php
[Sun Sep 30 05:33:44.959865 2018] [:error] [pid 25084] [client 192.144.164.246:17622] File does not exist: /usr/local/apache/htdocs/she.php

So how do I make a rule for that kind of attack?

Please advise. Thank you so much
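The error_log excerpt above shows one client requesting many different nonexistent files within a few seconds. The following added example (not part of the original post, and not a Suricata rule) detects that pattern from log lines in the same format. The thresholds, the helper names and the sample lines, which use documentation IP addresses, are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache error_log line format as shown in the post above.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]*\] \[pid \d+\] "
    r"\[client (?P<ip>[^\]]+):\d+\] File does not exist: (?P<path>\S+)")
TS_FORMAT = "%a %b %d %H:%M:%S.%f %Y"

def find_scanners(lines, min_paths=5, window=timedelta(seconds=10)):
    """Map client IP -> distinct missing paths seen at the moment the client
    reached min_paths different nonexistent files inside one window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # ignore every other kind of error_log entry
            ts = datetime.strptime(m["ts"], TS_FORMAT)
            events[m["ip"]].append((ts, m["path"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            paths = {p for _, p in hits[start:end + 1]}
            if len(paths) >= min_paths:  # distinct paths, not raw hit count
                flagged[ip] = sorted(paths)
                break
    return flagged

def _line(ts, ip, name):
    # Hypothetical helper: builds one constructed line in the post's format.
    return (f"[Sun Sep 30 05:{ts} 2018] [:error] [pid 100] "
            f"[client {ip}:40000] File does not exist: "
            f"/usr/local/apache/htdocs/{name}")

# Constructed sample: a fast scanner, a client retrying one missing file,
# and a client hitting different missing files a minute apart.
SAMPLE = (
    [_line(f"33:4{i}.000000", "203.0.113.5", f"probe{i}.php") for i in range(6)]
    + [_line(f"34:0{i}.000000", "198.51.100.7", "favicon.ico") for i in range(6)]
    + [_line(f"4{i}:00.000000", "192.0.2.9", f"old{i}.html") for i in range(6)]
)

if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE).items():
        print(ip, len(paths), "distinct missing files")
```

Counting distinct paths rather than raw errors keeps a client that retries a single missing file, such as a favicon, from being flagged.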






