Skip to main content

Thoughts on on bots examining common ports?

Comments

4 comments

  • SimpleSonic
    There's no need to be more aggressive. You will always have bots poking and prodding your servers for open ports, weak passwords, known vulnerabilities/exploits, etc. Being too aggressive will just block legitimate users and that is obviously something you don't want.
    0
  • jeffschips
    Thanks for that. I guess the question then is how to disable mod_security for those rules, i.e., /robots.txt and "/" which are the biggest, albeit not of consequence, offenders. Those rules seem to be hard-baked into mod_security. . .
    0
  • quietFinn
    Thanks for that. I guess the question then is how to disable mod_security for those rules, i.e., /robots.txt and "/" which are the biggest, albeit not of consequence, offenders. Those rules seem to be hard-baked into mod_security. . .

    Do you see those in /etc/apache2/logs/modsec_audit.log ? What rules are triggered? There should not be any rules "hard-baked" in ModSecurity...
    0
  • SimpleSonic
    Although getting constant block notifications can be annoying, your system recognizing and blocking bots and bad spiders/crawlers is something you want to see. Additionally, they're doing something more than just trying to look at robots.txt in order to trigger multiple modsecurity violations.
    0

Please sign in to leave a comment.