Mod_security and scan of port 443
Anyway i notice one thing more unusual under
- ModSecurity" Tools "
- Hits List Screenshot and even these files doesn't exist on my server.
-
Thanks for the reply how do i get rid of this requester (show him/her middle finger) ? Because no matter what they are still eating up my system memory/bandwidth and when it comes to real user they are facing time out on the server. 0 -
If the requests always come from the same IP address, I would recommend just blocking the IP address in the server's firewall. 0 -
Currently i am seeing about 2000 hits under ModSecurity" Tools "Hits List, so i don't think so its possible to block them one by one. Is there anyway i can download this list and block them ? or what is the best way to get rid of these ips 0 -
Install & use CSF to block ModSec hits. 0 -
I have installed & enabled CSF on my server. Can you provide more information on blocking ModSec hits in CSF? Thanks in advance. 0 -
I recommend deleting the access links to your server Post n" 5 0 -
@ciao70 - edited, thanks! 0 -
Can you provide more information on blocking ModSec hits in CSF?
I highly recommend that you run through the readme that is a part of CSF. IIRC, by default, CSF blocks anyone temporarily with more than 5 ModSec hits - I set blocks as permanent, for example.0 -
I set blocks as permanent, for example.
How was this done?0 -
LF_MODSEC = 5 LF_MODSEC_PERM = 1 means after 5 rule triggers it's permanent ban. 0 -
I'll regurgitate my default setting for CSF, hopefully for the benefit of others.. csf --profile apply protection_high csf --profile apply disable_alerts
<-- stops your server spamming your default email with every single alert. .. manually change a select few alerts, such as console access ..csf -r
0
Please sign in to leave a comment.
Comments
12 comments