rscalover

Well-Known Member
Dec 16, 2010
86
10
58
cPanel Access Level
Root Administrator
Hello,

I am seeing very strange requests in the mod_security log in whm what the f******** is that "rmdevice.samsung.com" thing ?????? i've tryed banning the ip or also the whole range doesn't help this morron keeps coming back.Mod_security answers with a 404 not found but it is annoying as hell i guess i'll have to block whole of Sweden and even then he (or she) could simply use a proxy or a vpn :mad:
 

Attachments

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,134
783
313
cPanel Access Level
Root Administrator
Hey there! It's interesting that the subdomain doesn't resolve, so it seems like this is a malicious request. Are yous seeing the IP address changing on the incoming request? If so, you could consider using country code blocks through a firewall to further limit traffic to your system, if you know you don't have traffic coming from the country in question. Both Imunify360 and CSF have this feature:

 

rscalover

Well-Known Member
Dec 16, 2010
86
10
58
cPanel Access Level
Root Administrator
Hey there! It's interesting that the subdomain doesn't resolve, so it seems like this is a malicious request. Are yous seeing the IP address changing on the incoming request? If so, you could consider using country code blocks through a firewall to further limit traffic to your system, if you know you don't have traffic coming from the country in question. Both Imunify360 and CSF have this feature:

That's what i mean with strange the ip is always the same but banning that ip in csf has no effect never seen this before.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,134
783
313
cPanel Access Level
Root Administrator
That part definitely would be odd to me as well, as once the IP is blocked in CSF I would expect it to not be able to make any connection to the server, and I definitely wouldn't expect it to get through to Apache. That might be a question that is better aimed at CSF is that tool isn't behaving correctly.