SOLVED Block abusive requests to website?

pyrographics

Registered
May 5, 2008
3
0
51
Hello @rpvw
I got a lot of attack reports via CXS watch about trying to upload a script in this form:

I created an executable file /usr/local/csf/bin/csfpre.sh as you wrote with this script:
Code:
iptables -A INPUT -p tcp --match multiport --dport 80,443 -m string --string 'wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php' --algo bm -j DROP
Also I moved the csfpre.sh file to /etc/csf/csfpre.sh
that didn't work
Someone adviced me that this may doesn't works because the request is for HTTPS
I appreciate any suggestion
Regards
I too am in search of a fix for this. I presume the iptables rule you adapted is for a query string on the URL and not the filename itself however I am not familiar with the syntax.
 

Shood

Well-Known Member
Aug 12, 2015
84
17
133
Middle East
cPanel Access Level
Root Administrator
I too am in search of a fix for this. I presume the iptables rule you adapted is for a query string on the URL and not the filename itself however I am not familiar with the syntax.
Hi @pyrographics
I blocked it via ModSecurity
Home »Security Center »ModSecurity™ Tools »Rules List, Add rule
Code:
SecRule REQUEST_URI "@contains YOUR-URL" "id:1001,phase:1,t:lowercase,log,deny,msg:'Warning, Access Denied'"
ModSecurity - version 3