Hi
@cPanelAnthony
I know how that works. The main problem is i'm receiving GET attacks to
http://server.hostname.com (main hostname of server) and of course its redirecting to defaultwebpage.cgi
I've changed file name so it returns 403 and added rules to mod_sec to block more than 5 times 403 requests. It works when i try to refresh 5 times but it does not work for attacker.
Almost all requests (attacks) comes from googleusercontent.com. Is there a known method to prevent or mitigate these type of attack ?
Currently mod_sec is active, my server is behind a WAF and CSF running (CSF not blocking anything btw unless i manually add the IP address)
Here some rows from /usr/local/apache/access_log
Code:
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
Regards.