Post subject: Looking for the best modsec results...
Posted: Mon Jan 11, 2010 12:55 pm
Joined: Sat Jan 17, 2009 2:19 pm Posts: 99
Hi everybody, HAPPY NEW YEAR!
Well it is me again trying to find the best way to manage my server, lol.
I have been using modsec rules for a time now and found that all the rules does a great job blocking a lot of injections or spammer attempts, it has been so great that I have refined a personal project:
I have tabulated data from 5 months and decided to block all the IPs that triggered the spam or injection rules, so, after depuring all the info I have about 7,000 IPs. I have divided them in two files: Hackers and Spammers. that two rules search and blocks this IPs.
I really like this project because now my server blocks the recurring IPs and no time is wasted checking what is wrong, of course if new IPs arrive the other great modsec rules will be stop them and in a few days I will be adding them to the lists.
Post subject: Re: Looking for the best modsec results...
Posted: Mon Jan 11, 2010 2:56 pm
Atomicorp Staff - Site Admin
Joined: Thu Feb 07, 2008 7:49 pm Posts: 3264 Location: Chantilly, VA
That sounds like a great project. Would you be willing to share the data with me? I'm working on the RBL we will be adding to ASL in the future and data on attacks is exactly what I need to add to our honeypot data, particularly if you have done your own analysis and have some results to share.
Users browsing this forum: No registered users and 1 guest
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum