Page 1 of 1

Ban IP's that access 404 pages

Posted: 30 Aug 2018, 00:46
by subtopic
I am hosting sites with inmotionhosting, and have used up 2 hours of paid support, and they cannot configure CSF to ban IP's that request over 100 404 pages.

I am getting attacked daily from thousands of IP's requesting a file called chrqd.php, here is an example

Code: Select all

1-0	-	0/0/1	.	0.04	679	0	0.0	0.00	0.00	94.23.196.106	http/1.1	vps.inmotionhosting.com:80	GET /xcns/chrqd.php?up=%C3%9A%C2%AF%C3%98%C2%B1%C3%99%CB%86%C3%
There are 10 other lines of IP's doing 679 requests to that file against my VPS and other domains I manage.

I can only think of using CSF to ban these IP's.

Is there a better solution?

Re: Ban IP's that access 404 pages

Posted: 19 Sep 2018, 22:00
by MaraBlue
It's surprising (and actually disheartening) that Inmotion's support couldn't help, especially within the time frame of 2 hours.

CSF has "LF_APACHE_404" where you can limit the number of 404's hit by any one IP. Mod Security also does very well at blocking requests to specific non-existant pages (as part of a brute force attempt).

The combination of the 2, CSF and ModSec, works very well.