What response should be made to a continued web-app crack attempt?

Posted by Tchalvak on Server Fault See other posts from Server Fault or by Tchalvak
Published on 2011-03-14T22:34:18Z Indexed on 2011/03/15 0:12 UTC
Read the original article Hit count: 491

I've issues with a continuous, concerted cracking attempt on a website (coded in php). The main problem is sql-injection attempts, running on a Debian server.

A secondary effect of the problem is being spidered or repeatedly spammed with urls that, though a security hole has been closed, are still obviously related attempts to crack the site, and continue to add load to the site, and thus should be blocked.

So what measures can I take to:

A: Block known intruders/known attack machines (notably making themselves anonymous via botnet or relaying servers) to prevent their repeated, continuous, timed access from affecting the load of the site,

and B: report & respond to the attack (I'm aware that the reporting to law enforcement is almost certainly futile, as may be reporting to the ip/machine where the attacks are originating, but other responses to take would be welcome).

© Server Fault or respective owner

Related posts about php

Related posts about debian