Open WereMike opened 6 years ago
@WereMike block a DDoS directly? https://www.akamai.com/
My server get some attack logs this morning as well, the attack come from a client ip with 185.10.68.137
Log entries:
[Sat Nov 25 08:15:36 2017] [error] [client 185.10.68.137] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:User-Agent' '@pmFromFile bl_scanners'] [id "210801"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site"] [logdata "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"] [Sat Nov 25 08:17:03 2017] [error] [client 185.10.68.137] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:User-Agent' '@pmFromFile bl_scanners'] [id "210801"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site"] [logdata "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"] [Sat Nov 25 08:18:01 2017] [error] [client 185.10.68.137] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:User-Agent' '@pmFromFile bl_scanners'] [id "210801"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site"] [logdata "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"] [Sat Nov 25 08:18:57 2017] [error] [client 185.10.68.137] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:User-Agent' '@pmFromFile bl_scanners'] [id "210801"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site"] [logdata "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"] [Sat Nov 25 08:19:25 2017] [error] [client 185.10.68.137] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:User-Agent' '@pmFromFile bl_scanners'] [id "210801"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site"] [logdata "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"]
What's a good way to block this? It's being used for a DDoS attack against our site, and I wonder if there's a good way to block it directly.