strange requests

R

rscalover

Well-Known Member
Dec 16, 2010
101
12
68
cPanel Access Level
Root Administrator
Hello,

I am seeing very strange requests in the mod_security log in whm what the f******** is that "rmdevice.samsung.com" thing ?????? i've tryed banning the ip or also the whole range doesn't help this morron keeps coming back.Mod_security answers with a 404 not found but it is annoying as hell i guess i'll have to block whole of Sweden and even then he (or she) could simply use a proxy or a vpn :mad:
 

Attachments

cPRex

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
15,223
2,420
363
cPanel Access Level
Root Administrator
Hey there! It's interesting that the subdomain doesn't resolve, so it seems like this is a malicious request. Are yous seeing the IP address changing on the incoming request? If so, you could consider using country code blocks through a firewall to further limit traffic to your system, if you know you don't have traffic coming from the country in question. Both Imunify360 and CSF have this feature:

support.cpanel.net

How to Block an IP or Country from Connecting to Your Server with Imunify360's Firewall

Imunify360's firewall feature allows for the blocking of countries and IPs to prevent them from connecting to your server. Be warned, however, that excessive use of filter rules can cause performan...
support.cpanel.net support.cpanel.net
community.centminmod.com

CSF - How to block country traffic in CSF Firewall

You can do country blocking at server's CSF Firewall level outlined at...
community.centminmod.com community.centminmod.com
 
R

rscalover

Well-Known Member
Dec 16, 2010
101
12
68
cPanel Access Level
Root Administrator
cPRex said:
Hey there! It's interesting that the subdomain doesn't resolve, so it seems like this is a malicious request. Are yous seeing the IP address changing on the incoming request? If so, you could consider using country code blocks through a firewall to further limit traffic to your system, if you know you don't have traffic coming from the country in question. Both Imunify360 and CSF have this feature:

support.cpanel.net

How to Block an IP or Country from Connecting to Your Server with Imunify360's Firewall

Imunify360's firewall feature allows for the blocking of countries and IPs to prevent them from connecting to your server. Be warned, however, that excessive use of filter rules can cause performan...
support.cpanel.net support.cpanel.net
community.centminmod.com

CSF - How to block country traffic in CSF Firewall

You can do country blocking at server's CSF Firewall level outlined at...
community.centminmod.com community.centminmod.com
Click to expand...
That's what i mean with strange the ip is always the same but banning that ip in csf has no effect never seen this before.
 
cPRex

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
15,223
2,420
363
cPanel Access Level
Root Administrator
That part definitely would be odd to me as well, as once the IP is blocked in CSF I would expect it to not be able to make any connection to the server, and I definitely wouldn't expect it to get through to Apache. That might be a question that is better aimed at CSF is that tool isn't behaving correctly.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
J Strange programs running server Security 2
R Security advisor strange results Security 20
R Strange Virus in Cpanel Security 6
B Strange status in Apache status Security 5
H SOLVED Strange encoded requests in logs Security 3
Similar threads
Strange programs running server
Security advisor strange results
Strange Virus in Cpanel
Strange status in Apache status
SOLVED Strange encoded requests in logs
Top Bottom