The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hammered by the Twiceler bot. Trying to come up with a mod_security rule.

Discussion in 'Security' started by jols, Jun 22, 2009.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    We are seeing plenty of bandwidth go down the drain due to near continuous hits from the Twiceler bot. But so far my attempt at putting up a mod_security rule for this does not work.

    Here's the kind of thing I am seeing in the Apache logs:
    38.99.13.118 - - [22/Jun/2009:00:28:08 -0500] "GET /merapanna?m=20090518&lang=ja HTTP/1.0" 404 - "-" "Mozilla/5.0 (Twiceler-0.9 http://www.cuil.com/twiceler/robot.html)"

    ... and here's my rule:
    SecRule REQUEST_HEADERS:User-Agent "Twiceler"

    Can anyone suggest an improvement here?

    Thanks very much in advance.
     

Share This Page