0

I am checking my apache error log, and I see a weird pattern.

Same IP requests, within 1 second, pages that are 'common' in websites: wp,wordpress,joomla.. etc.

Because this specific domain doesn't have any of these folders, it returns immediately return 404.

Would you recommend blocking this IP? Or could it be legitimate somehow? Is there any tool out there, preferably free, or at least low cost, that can track these suspicious common attacks?

http://i.stack.imgur.com/GVAv4.png

Jatin
  • 197
  • 9
justadev
  • 303
  • 1
  • 4
  • 14

1 Answers1

0

Looks like standard vulnerability search and if would be good to block IP's that conduct those. As for software, modsecury should provide many useful rules, among those is rule that monitors for 404 errors and blocks IP when threshold is reached. More about installation for Apache on this link:

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_Apache

RonanW.
  • 419
  • 2
  • 6