mitigating apache attack

SupermanInNY

error_log-20230723:[Mon Jul 17 14:30:38.519246 2023] [core:error] [pid 949899:tid 140075962709760] [client 213.109.202.66:38288] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230723:[Mon Jul 17 23:59:43.710036 2023] [authz_core:error] [pid 987170:tid 140077606893312] [client 35.216.237.60:38660] AH01630: client denied by server configuration: /var/www/html/server-status
error_log-20230723:[Tue Jul 18 05:32:01.647598 2023] [core:error] [pid 1005795:tid 140075979495168] [client 213.109.202.66:38516] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230723:[Tue Jul 18 09:30:23.167730 2023] [core:error] [pid 1019786:tid 140073983014656] [client 193.32.162.190:39662] AH10244: invalid URI path (/../../mnt/mtd/Config/Account1)
error_log-20230723:[Tue Jul 18 11:00:59.165969 2023] [core:error] [pid 1024619:tid 140077581715200] [client 193.32.162.190:50916] AH10244: invalid URI path (/../../mnt/mtd/Config/Account2)
error_log-20230723:[Tue Jul 18 19:44:18.326846 2023] [core:error] [pid 1057076:tid 140075409053440] [client 213.109.202.66:52622] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230723:[Wed Jul 19 09:34:09.951062 2023] [core:error] [pid 1102274:tid 140076390541056] [client 213.109.202.66:35290] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230723:[Thu Jul 20 11:03:06.372113 2023] [core:error] [pid 1190208:tid 140078227330816] [client 213.109.202.66:58708] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230723:[Thu Jul 20 22:23:50.830674 2023] [core:error] [pid 1234345:tid 140076122105600] [client 213.109.202.66:57922] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230723:[Fri Jul 21 12:22:50.354600 2023] [core:error] [pid 1286932:tid 140273287948032] [client 213.109.202.66:47762] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230723:[Sat Jul 22 08:37:22.118038 2023] [core:error] [pid 1352340:tid 140274336511744] [client 213.109.202.66:50408] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230723:[Sat Jul 22 21:58:57.109800 2023] [core:error] [pid 1397762:tid 140274344904448] [client 213.109.202.66:39030] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230730:[Sun Jul 23 14:52:29.534058 2023] [core:error] [pid 1465370:tid 140277557409536] [client 213.109.202.66:41106] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230730:[Sun Jul 23 20:30:51.424163 2023] [authz_core:error] [pid 1488141:tid 140273816426240] [client 195.96.137.8:58142] AH01630: client denied by server configuration: /var/www/html/server-status
error_log-20230730:[Sun Jul 23 20:30:52.704441 2023] [authz_core:error] [pid 1488141:tid 140275435431680] [client 195.96.137.8:32906] AH01630: client denied by server configuration: /var/www/html/server-status
error_log-20230730:[Mon Jul 24 15:59:54.745970 2023] [authz_core:error] [pid 1559727:tid 140276467209984] [client 35.216.237.60:48302] AH01630: client denied by server configuration: /var/www/html/server-status
error_log-20230730:[Mon Jul 24 17:47:00.730249 2023] [core:error] [pid 1567230:tid 140273690601216] [client 213.109.202.66:51184] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230730:[Tue Jul 25 05:20:16.055820 2023] [core:error] [pid 1608399:tid 140277272516352] [client 213.109.202.66:49716] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230730:[Wed Jul 26 03:32:38.123301 2023] [core:error] [pid 1701579:tid 140277029259008] [client 213.109.202.66:44690] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230730:[Wed Jul 26 04:54:27.238265 2023] [authz_core:error] [pid 1704567:tid 140274034538240] [client 172.104.137.47:57448] AH01630: client denied by server configuration: /var/www/html/server-status
error_log-20230730:[Wed Jul 26 04:54:29.689941 2023] [authz_core:error] [pid 1706004:tid 140275636758272] [client 172.104.137.47:45300] AH01630: client denied by server configuration: /var/www/html/server-status
error_log-20230730:[Wed Jul 26 17:55:35.282717 2023] [core:error] [pid 1760131:tid 140277549016832] [client 213.109.202.66:59826] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230730:[Thu Jul 27 16:21:29.764114 2023] [authz_core:error] [pid 1845224:tid 140275536078592] [client 143.110.156.182:46648] AH01630: client denied by server configuration: /var/www/html/server-status
error_log-20230730:[Fri Jul 28 10:52:51.774130 2023] [core:error] [pid 1915646:tid 140275980695296] [client 213.109.202.66:55976] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
error_log-20230730:[Sat Jul 29 15:06:07.504925 2023] [core:error] [pid 2016080:tid 140276332992256] [client 83.97.73.87:45202] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)



How to mitigate these?
These all seem like hacker attacks.
Any suggested blocking option?
 
Don't see the sense in blocking while this is only 1-5 requests/day.
You can add an .htaccess file with a redirect to your /var/www/html.
 
Agreed with Zhenyapan.
However, it seems most of those are coming from the 213.109.202.66 IP, so you can also block that in csf.
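
Added example (not part of the original thread): one way to check the two points made in the replies above, how many rejected requests arrive per day and whether most come from one address, by tallying AH10244 and AH01630 entries per client. The sample lines are constructed in the thread's log format with documentation-range addresses, and the function names and thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the thread's error_log format; the client addresses
# are documentation-range placeholders, not the ones from the thread.
SAMPLE_LOG = """\
[Mon Jul 17 14:30:38.519246 2023] [core:error] [pid 11:tid 21] [client 203.0.113.66:38288] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Mon Jul 17 20:30:51.424163 2023] [authz_core:error] [pid 12:tid 22] [client 198.51.100.8:58142] AH01630: client denied by server configuration: /var/www/html/server-status
[Mon Jul 17 20:30:52.704441 2023] [authz_core:error] [pid 12:tid 23] [client 198.51.100.8:32906] AH01630: client denied by server configuration: /var/www/html/server-status
[Tue Jul 18 05:32:01.647598 2023] [core:error] [pid 13:tid 24] [client 203.0.113.66:38516] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Tue Jul 18 09:30:23.167730 2023] [core:error] [pid 14:tid 25] [client 192.0.2.190:39662] AH10244: invalid URI path (/../../mnt/mtd/Config/Account1)
[Wed Jul 19 09:34:09.951062 2023] [core:error] [pid 15:tid 26] [client 203.0.113.66:35290] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Wed Jul 19 19:44:18.326846 2023] [core:error] [pid 16:tid 27] [client 203.0.113.66:52622] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jul 20 11:03:06.372113 2023] [core:error] [pid 17:tid 28] [client 203.0.113.66:58708] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Thu Jul 20 22:23:50.830674 2023] [core:error] [pid 18:tid 29] [client 203.0.113.66:57922] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
"""

# search() is used, so a grep-style "error_log-20230723:" prefix is tolerated.
LINE_RE = re.compile(
    r"\[\w{3} (?P<day>\w{3} +\d+) [\d:.]+ (?P<year>\d{4})\] "
    r"\[\w+:error\] \[pid [^\]]+\] "
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] (?P<code>AH\d+):"
)
WATCHED = {"AH10244", "AH01630"}  # the two error codes seen in the thread

def tally(lines):
    """Per client IP: rejected requests counted by calendar day and by code."""
    stats = defaultdict(lambda: {"days": Counter(), "codes": Counter()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["code"] not in WATCHED:
            continue  # unrelated or unparseable line
        stats[m["ip"]]["days"][f'{m["day"]} {m["year"]}'] += 1
        stats[m["ip"]]["codes"][m["code"]] += 1
    return stats

def block_candidates(stats, min_total=5, min_days=3):
    """Clients that keep returning: (ip, total, active_days, peak_per_day)."""
    rows = []
    for ip, entry in stats.items():
        per_day = entry["days"].values()
        if sum(per_day) >= min_total and len(per_day) >= min_days:
            rows.append((ip, sum(per_day), len(per_day), max(per_day)))
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for row in block_candidates(tally(SAMPLE_LOG.splitlines())):
        print("ip=%s total=%d days=%d peak/day=%d" % row)
```

An address it returns can then be denied in csf, as suggested above, with `csf -d <ip>`; the thresholds are arbitrary starting points.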
 
Don't worry, my server got a larger attack than yours. It's just stupid people trying to hack. Around 100-200 requests per day and sometimes a DDoS attack.


If you use pure Apache, it could be hard to protect. I suggest moving to nginx_apache and enabling ModSecurity.
 