Way to face HTTP apache crawling and bruteforce?
Hello,
i am using cPanel v110.0.17 on a CentOS 7.9 VPS.
Lately i am noticing a lot of crawling or brute force HTTP attempts causing CPU load increase.
A sample of these attempts can be seen here :
164.30.24.24 - - [03/Jul/2024:12:50:27 +0300] "GET /site/index.php/de/products/milking-systems/sheep-goat/sg-trolley HTTP/1.1" 200 107416 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:27 +0300] "GET /site/index.php/de/products/milking-systems/cows/herd-management HTTP/1.1" 200 95643 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:27 +0300] "GET /site/index.php/fr/products/cooling-storage/mp-robotic HTTP/1.1" 200 106574 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:27 +0300] "GET /site/index.php/el/library-item/item/49-mp-milkcab-greek HTTP/1.1" 200 99795 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:27 +0300] "GET /site/index.php/ru/license-and-terms-ru HTTP/1.1" 200 95947 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:27 +0300] "GET /site/index.php/de/products/milking-systems/sheep-goat/mp-armektron-fast-4-all HTTP/1.1" 200 132934 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:35 +0300] "GET /site/index.php/es/products/farming-equipment/cows/farm-equipment/headlocks HTTP/1.1" 200 107844 "-""Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:35 +0300] "GET /site/index.php/fr/company/company HTTP/1.1" 200 94364 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:35 +0300] "GET /site/index.php/es/products/farming-equipment/cows/farm-equipment/brushes HTTP/1.1" 200 107227 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:35 +0300] "GET /site/index.php/fr/company/research HTTP/1.1" 200 93483 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:35 +0300] "GET /site/index.php/el/library-item/item/265-mp-armektron-sheep-fr HTTP/1.1" 200 99946 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:35 +0300] "GET /site/index.php/de/products/farming-equipment/cows/farm-equipment/scrapers HTTP/1.1" 200 108472 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:35 +0300] "GET /site/index.php/el/recent-news/754-news-jan-2020 HTTP/1.1" 200 104933 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:35 +0300] "GET /site/index.php/en/company/company HTTP/1.1" 200 96966 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:43 +0300] "GET /site/index.php/ru/products/milking-systems/cows/herd-management/afifarm HTTP/1.1" 200 114716 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:43 +0300] "GET /site/index.php/ru/company/csr HTTP/1.1" 200 101643 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:43 +0300] "GET /site/index.php/el/recent-news/747-news-sep-2020 HTTP/1.1" 200 103812 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:43 +0300] "GET /site/index.php/de/recent-news/756-news-feb-2020b HTTP/1.1" 200 93026 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:43 +0300] "GET /site/index.php/el/products/milking-systems/sheep-goat/mp-armektron-smart-4-small HTTP/1.1" 200 129174 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:43 +0300] "GET /site/index.php/es/products/cooling-storage/tank-washing/mpp-standard HTTP/1.1" 200 107556 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:43 +0300] "GET /site/index.php/el/products/milking-systems/cows/herd-management HTTP/1.1" 200 101775 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:43 +0300] "GET /site/index.php/es/recent-news/336-news3-en HTTP/1.1" 200 94376 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:48 +0300] "GET /site/index.php/de/portfolio HTTP/1.1" 200 129473 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:48 +0300] "GET /site/index.php/el/component/content/ HTTP/1.1" 200 103249 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:48 +0300] "GET /site/index.php/en/products/farming-equipment/sheep-goat/farm-equipment/feeding-belts HTTP/1.1" 200 114304 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:48 +0300] "GET /site/index.php/el/library-item/item/56-mp-pasteurizer-gr HTTP/1.1" 200 99821 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:48 +0300] "GET /site/index.php/es/products/farming-equipment/cows/feeding-solutions HTTP/1.1" 200 93601 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:48 +0300] "GET /site/index.php/ru/products/transportation/mp-coolmilk-transfer/mp-coolmilk-water HTTP/1.1" 200 122133 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:48 +0300] "GET /site/index.php/el/products/cooling-storage/tank-washing HTTP/1.1" 200 101195 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:50:48 +0300] "GET /site/index.php/el/96-recent-news-en HTTP/1.1" 200 169127 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:00 +0300] "GET /site/index.php/el/recent-news HTTP/1.1" 200 108174 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:00 +0300] "GET /site/index.php/de/company/facilities HTTP/1.1" 200 101737 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:00 +0300] "GET /site/index.php/en/company/financial HTTP/1.1" 200 94787 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:00 +0300] "GET /site/index.php/es/products/cooling-storage/mp-robotic HTTP/1.1" 200 107447 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:00 +0300] "GET /site/index.php/fr/products/cooling-storage/mp-powertank HTTP/1.1" 200 129470 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:00 +0300] "GET /site/index.php/fr/ HTTP/1.1" 200 145181 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:00 +0300] "GET /site/index.php/el/products/milking-systems/cows/mp-armektron-dynamic HTTP/1.1" 200 133886 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:01 +0300] "GET /site/index.php/en/products/milking-systems/sheep-goat/mp-armektron-easy-set-up HTTP/1.1" 200 112055"-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:01 +0300] "GET /site/index.php/en/recent-news/336-news3-en HTTP/1.1" 200 96708 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:01 +0300] "GET /site/index.php/el/portfolio HTTP/1.1" 200 135574 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:01 +0300] "GET /site/index.php/ru/products/solutions HTTP/1.1" 200 98161 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:00 +0300] "GET /site/index.php/el/2-uncategorised HTTP/1.1" 200 169719 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:01 +0300] "GET /site/index.php/en/ HTTP/1.1" 200 147103 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:03 +0300] "GET /site/index.php/es/company/in-memory HTTP/1.1" 200 92963 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:04 +0300] "GET /site/index.php/es/products/milking-systems/cows/cow-trolley HTTP/1.1" 200 104713 "-" "Scrapy/2.11.1(+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:04 +0300] "GET /site/index.php/en/products/milking-systems/sheep-goat/mp-armektron-fast-4-all HTTP/1.1" 200 132902 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:04 +0300] "GET /site/index.php/es/products/milking-systems HTTP/1.1" 200 92034 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:04 +0300] "GET /site/index.php/el/new-products HTTP/1.1" 200 99716 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:04 +0300] "GET /site/index.php/el/products/cooling-storage/mp-powertank HTTP/1.1" 200 144197 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:04 +0300] "GET /site/index.php/el/products/milking-systems/sheep-goat HTTP/1.1" 200 102412 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:04 +0300] "GET /site/index.php/de/products/transportation HTTP/1.1" 200 95415 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:17 +0300] "GET /site/index.php/el/mp-armektron-pulse-wash HTTP/1.1" 404 851 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:17 +0300] "GET /site/index.php/el/portfolio-2/farm-dubai HTTP/1.1" 200 113157 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:17 +0300] "GET /site/index.php/fr/company/quality HTTP/1.1" 200 92990 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:17 +0300] "GET /site/index.php/el/library-item/item/166-mp-pasteurizer-en HTTP/1.1" 200 99820 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:17 +0300] "GET /site/index.php/el/recent-news/798-sxedia-veltiosis-paroxi-exoplismou-stavlon HTTP/1.1" 200 116333 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:17 +0300] "GET /site/index.php/el/products/milking-systems/sheep-goat/mp-rotary-sg HTTP/1.1" 200 115855 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:17 +0300] "GET /site/index.php/es/products/farming-equipment/cows/feeding-solutions/drinking-troughs HTTP/1.1" 200 110397 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
164.30.24.24 - - [03/Jul/2024:12:51:18 +0300] "GET /site/index.php/ru/products/farming-equipment HTTP/1.1" 200 97758 "-" "Scrapy/2.11.1 (+https://scrapy.org)"
Right now i have cPHulk disabled and i am not using WAF on my single hosted website.
For that reason i am forced to manually monitor such attempts and blacklist the IPs at CSF Firewall.
I also think i have modescurity enabled :
Since i am not really a fan of cPHulk (i've had some issues in the past and i think it does not prevent HTTP apache attacks in the first place), can you propose alternative methods to be protected against such attacks/attempts?
Thank you in advance.
Please sign in to leave a comment.
Comments
0 comments