robertdavidgraham / masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
GNU Affero General Public License v3.0
23.33k stars 3.05k forks

Software is being abused - can it be blocked? #296

Open WereMike opened 6 years ago

WereMike commented 6 years ago

What's a good way to block this? It's being used for a DDoS attack against our site, and I wonder if there's a good way to block it directly.

gabrielhesposito commented 6 years ago

@WereMike block a DDoS directly? https://www.akamai.com/

UranusCEO commented 6 years ago

My server got some attack logs this morning as well; the attack came from client IP 185.10.68.137.

Log entries:

[Sat Nov 25 08:15:36 2017] [error] [client 185.10.68.137] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:User-Agent' '@pmFromFile bl_scanners'] [id "210801"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site"] [logdata "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"]
[Sat Nov 25 08:17:03 2017] [error] [client 185.10.68.137] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:User-Agent' '@pmFromFile bl_scanners'] [id "210801"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site"] [logdata "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"]
[Sat Nov 25 08:18:01 2017] [error] [client 185.10.68.137] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:User-Agent' '@pmFromFile bl_scanners'] [id "210801"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site"] [logdata "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"]
[Sat Nov 25 08:18:57 2017] [error] [client 185.10.68.137] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:User-Agent' '@pmFromFile bl_scanners'] [id "210801"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site"] [logdata "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"]
[Sat Nov 25 08:19:25 2017] [error] [client 185.10.68.137] ModSecurity: Access denied with code 403, [Rule: 'REQUEST_HEADERS:User-Agent' '@pmFromFile bl_scanners'] [id "210801"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site"] [logdata "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"]
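
Added example, not part of the original thread or the masscan project: a parser for ModSecurity denial entries in the format quoted above, grouping them by client IP and rule id so repeat scanners stand out. The function names `parse_entries` and `summarize` are assumptions; the sample input is three of the entries from the log above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache error-log entry as written by ModSecurity in the log quoted above.
ENTRY = re.compile(
    r'\[(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\] \[error\] '
    r'\[client (?P<client>[^\]]+)\] ModSecurity: Access denied with code (?P<code>\d+),'
    r'.*?\[id "(?P<rule>\d+)"\].*?\[logdata "(?P<logdata>[^"]*)"\]'
)

def parse_entries(text):
    """Return one dict per denial; also works when entries are run together on one line."""
    entries = []
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%a %b %d %H:%M:%S %Y")
        entries.append(e)
    return entries

def summarize(entries):
    """Group by (client, rule id): hit count, first/last seen, distinct logdata values."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None, "logdata": set()})
    for e in entries:
        g = groups[(e["client"], e["rule"])]
        g["count"] += 1
        g["first"] = min(g["first"] or e["ts"], e["ts"])
        g["last"] = max(g["last"] or e["ts"], e["ts"])
        g["logdata"].add(e["logdata"])
    return dict(groups)

# Three entries from the thread, rebuilt from a template to keep source lines short.
SAMPLE = "\n".join(
    f"[Sat Nov 25 {t} 2017] [error] [client 185.10.68.137] ModSecurity: Access denied "
    "with code 403, [Rule: 'REQUEST_HEADERS:User-Agent' '@pmFromFile bl_scanners'] "
    '[id "210801"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site"] '
    '[logdata "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"]'
    for t in ("08:15:36", "08:17:03", "08:18:01")
)

if __name__ == "__main__":
    for (client, rule), g in summarize(parse_entries(SAMPLE)).items():
        span = (g["last"] - g["first"]).total_seconds()
        print(f"{client} rule={rule} hits={g['count']} over {span:.0f}s {sorted(g['logdata'])}")
```

The rule in these entries matches the client-supplied User-Agent header, so the summary covers only requests that announce themselves this way.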