Portal Home > Knowledgebase > Articles Database > Modsec and X-Flash :(

Modsec and X-Flash :(

Posted by VIETHOSTING, 08-08-2008, 05:50 PM

Hi, Is there anyone know how to use Modsec to block refer from .swf file like: X-flash DDOS. Example: Domain: xyz.com X-flash site: http://attack.com/ddos.swf On cpanel xyz.com we can see in List Last Visit many ip and refer with post and get from http://attack.com/ddos.swf file. How can we use modsec block request like this ? P/S: sorry my english not well

---

Posted by TheITAdvisory, 08-08-2008, 11:11 PM

Were all of the IP's the same?

---

Posted by VIETHOSTING, 08-09-2008, 05:35 AM

None, they re not the same. This type attack using visitor from a site and refer these ips to victim site with many post or get request.

---

Posted by TheITAdvisory, 08-09-2008, 11:18 AM

I see, and the referrer is the attacker site? If you look at the http header packets, if the referrer is the attackers website, just block their website in a .htaccess

---

Add to Favourites    Print this Article

Cheap switch for internal traffic, is it reliable and fast? (Views: 553)

Server goes down for 15 minutes every other day. (Views: 566)

Will CSF/LFD work with rsyslog instead of syslog ? (Views: 610)

Reselling of magento-webshops (Views: 577)

site been hacked, see strange in the log (Views: 600)