What response should be made to a continued web-app crack attempt?
Posted
by
Tchalvak
on Server Fault
See other posts from Server Fault
or by Tchalvak
Published on 2011-03-14T22:34:18Z
Indexed on
2011/03/15
0:12 UTC
Read the original article
Hit count: 491
I've issues with a continuous, concerted cracking attempt on a website (coded in php). The main problem is sql-injection attempts, running on a Debian server.
A secondary effect of the problem is being spidered or repeatedly spammed with urls that, though a security hole has been closed, are still obviously related attempts to crack the site, and continue to add load to the site, and thus should be blocked.
So what measures can I take to:
A: Block known intruders/known attack machines (notably making themselves anonymous via botnet or relaying servers) to prevent their repeated, continuous, timed access from affecting the load of the site,
and B: report & respond to the attack (I'm aware that the reporting to law enforcement is almost certainly futile, as may be reporting to the ip/machine where the attacks are originating, but other responses to take would be welcome).
© Server Fault or respective owner