For the last 24 hours I have been fighting an apparent DOS attack on a domain I have hosted. This attack is calling for very strange URL's and I was using mod_security and I need to figure out a rule set that will block these requests.
Now I an somewhat unsure if mod_security is even installed and working now after I rebuilt apache last night.
The requests are multiple requests per second from multiple IP's. Seems like I could ban ips from now until next year with no help. The requests look like this.
Now I an somewhat unsure if mod_security is even installed and working now after I rebuilt apache last night.
The requests are multiple requests per second from multiple IP's. Seems like I could ban ips from now until next year with no help. The requests look like this.
/55555œœœœœ
/LLLLLŒŒŒŒŒ
/¥¥¥¥¥°°°°°
/AAAAAfffff
/¥¥¥¥¥°°°°°
/OOOOO HTT
/ìììììCCCCC
/ááááávvvvv HTTP/1.0
/RRRRR<<<<< HTTP/1.0
/WWWWWÓÓÓÓÓ HTTP/1.0
/OOOOO HTTP/1.0
/ËËËËË''''' HTTP/1.0
/&&&&&³³³³³ HTTP/1.0
/ÆÆÆÆÆ¡¡¡¡¡ HTTP/1.0
/ËËËËË HTTP/1.0
/ÐÐÐÐÐÈÈÈÈÈ HTTP/1.0
/¿¿¿¿¿..... HTTP/1.0
/"""""ÉÉÉÉÉ HTTP/1.0
/·····rrrrr HTTP/1.0
}}}}}³³³³³ HTTP/1.0
/00000hhhhh HTTP/1.0
/¥¥¥¥¥sssss HTTP/1.0
/SSSSS HTTP/1.0
/QQQQQÀÀÀÀÀ HTTP/1.0
/UUUUUÒÒÒÒÒ HTTP/1.0
/ÒÒÒÒÒ HTTP/1.0
/ÃÃÃÃÃ HTTP/1.0
/ÙÙÙÙÙ××××× HTTP/1.0