Continuous attacks on my linode
For almost a year, I have seen requests like this in my Ruby on Rails application log:
Started GET "/webadmin/scripts/setup.php" for 72.167.252.231 at Sat Jan 15 19:33:56 +0000 2011
ActionController::RoutingError (No route matches "/webadmin/scripts/setup.php"):
Started GET "/webdb/scripts/setup.php" for 72.167.252.231 at Sat Jan 15 19:33:56 +0000 2011
ActionController::RoutingError (No route matches "/webdb/scripts/setup.php"):
Started GET "/fastenv" for 178.162.165.21 at Wed Jan 19 10:14:53 +0000 2011
ActionController::RoutingError (No route matches "/fastenv"):
Started GET "/webdav/" for 50.22.21.218 at Thu Jan 20 19:27:09 +0000 2011
ActionController::RoutingError (No route matches "/webdav"):
This is annoying, because these attacks eat resources from my linode. My first idea was to block these IPs with iptables. But the IPs used in these attacks rarely repeat; I have found more than 40 different IP numbers in the log file. So now I am inclined to use URL filtering, denying requests to ".php" pages and some specific URLs.
I know iptables isn't the right tool for this; would squid be the best choice?
Thank you,
Henrique
2 Replies
Unless it's targeted, or a ton of traffic, it's not worth worrying about or trying to prevent.
Pick a percentage (for me, it's 5% of my web traffic) and if it's less than that, just ignore it.
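
Added example, not part of the thread: a Ruby sketch that measures what share of requests in a log of the quoted format ended in a RoutingError, and how many distinct source IPs were behind them, so the figure can be compared against a chosen percentage. The function name `summarize`, the 5% default (read here as a share of request count) and the 192.0.2.x sample requests are assumptions made for the example.

```ruby
# Constructed sample in the Rails log format quoted in the question. The probe
# entries are the ones from the post; the 192.0.2.x requests are made up.
SAMPLE_LOG = <<~LOG
  Started GET "/" for 192.0.2.10 at Sat Jan 15 19:30:01 +0000 2011
  Started GET "/webadmin/scripts/setup.php" for 72.167.252.231 at Sat Jan 15 19:33:56 +0000 2011
  ActionController::RoutingError (No route matches "/webadmin/scripts/setup.php"):
  Started GET "/webdb/scripts/setup.php" for 72.167.252.231 at Sat Jan 15 19:33:56 +0000 2011
  ActionController::RoutingError (No route matches "/webdb/scripts/setup.php"):
  Started GET "/posts" for 192.0.2.11 at Mon Jan 17 08:02:10 +0000 2011
  Started GET "/fastenv" for 178.162.165.21 at Wed Jan 19 10:14:53 +0000 2011
  ActionController::RoutingError (No route matches "/fastenv"):
  Started GET "/posts/1" for 192.0.2.10 at Wed Jan 19 11:00:00 +0000 2011
  Started GET "/webdav/" for 50.22.21.218 at Thu Jan 20 19:27:09 +0000 2011
  ActionController::RoutingError (No route matches "/webdav"):
  Started GET "/" for 192.0.2.12 at Thu Jan 20 20:15:42 +0000 2011
LOG

STARTED       = /^Started \w+ "([^"]*)" for (\S+) at /
ROUTING_ERROR = /^ActionController::RoutingError \(No route matches /

# Pairs each RoutingError with the preceding "Started" line (assumes one
# worker writes the log, so lines do not interleave). Pairing by position
# rather than by path matters: "/webdav/" is logged as "/webdav" in the error.
def summarize(log, threshold_pct = 5.0)
  total = 0
  last = nil
  unrouted = []
  log.each_line do |line|
    if (m = STARTED.match(line))
      total += 1
      last = { path: m[1], ip: m[2] }
    elsif ROUTING_ERROR.match(line) && last
      unrouted << last
      last = nil
    end
  end
  pct = total.zero? ? 0.0 : (100.0 * unrouted.size / total).round(1)
  { total: total, unrouted: unrouted.size, unrouted_pct: pct,
    distinct_ips: unrouted.map { |r| r[:ip] }.uniq.size,
    php: unrouted.count { |r| r[:path].end_with?(".php") },
    over_threshold: pct > threshold_pct }
end

puts summarize(SAMPLE_LOG).inspect
```

On a real log the sample heredoc would be replaced by the file contents, for example `summarize(File.read(path))` with `path` pointing at the application's log file.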