sworks adlı üyeden alıntı

ismkdc Anasayfaya saldırmıyorsunuz yalnız. Doğrudan ana dizine saldıracağınızı düşündüm.

13.82.80.22 - - [07/Apr/2020:17:01:09 +0000] "POST /?BBRPTOEYJP=WTY HTTP/1.1" 200 13290 "http://serdarwork.com/OULHF" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)" "13.82.80.22" "serdarwork.com" sn="serdarwork.com" rt=5.997 ua="unix:/var/run/php/php7.4-fpm.sock" us="200" ut="6.000" ul="51966" cs=-
13.82.80.22 - - [07/Apr/2020:17:01:09 +0000] "POST /?IXCMH=ULULQK HTTP/1.1" 200 13291 "http://www.usatoday.com/search/results?q=GYFMJ" "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)" "13.82.80.22" "serdarwork.com" sn="serdarwork.com" rt=5.873 ua="unix:/var/run/php/php7.4-fpm.sock" us="200" ut="5.876" ul="51966" cs=-
13.82.80.22 - - [07/Apr/2020:17:01:09 +0000] "POST /?ISUCVDCEN=BNGUTLYDEX HTTP/1.1" 200 13289 "http://www.google.com/?q=GGJXVZFYC" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3" "13.82.80.22" "serdarwork.com" sn="serdarwork.com" rt=5.879 ua="unix:/var/run/php/php7.4-fpm.sock" us="200" ut="5.880" ul="51966" cs=-
13.82.80.22 - - [07/Apr/2020:17:01:09 +0000] "POST /?GSTNCIQG=BJBGSLZ HTTP/1.1" 502 150 "http://serdarwork.com/XYRDXT" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3" "13.82.80.22" "serdarwork.com" sn="serdarwork.com" rt=0.000 ua="unix:/var/run/php/php7.4-fpm.sock" us="502" ut="0.000" ul="0" cs=-
13.82.80.22 - - [07/Apr/2020:17:01:09 +0000] "POST /?EEOGAEB=AYU HTTP/1.1" 502 150 "http://serdarwork.com/NFEXPPD" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)" "13.82.80.22" "serdarwork.com" sn="serdarwork.com" rt=0.000 ua="unix:/var/run/php/php7.4-fpm.sock" us="502" ut="0.000" ul="0" cs=-
13.82.80.22 - - [07/Apr/2020:17:01:09 +0000] "POST /?VAO=XPX HTTP/1.1" 502 150 "http://serdarwork.com/FULIPSBT" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)" "13.82.80.22" "serdarwork.com" sn="serdarwork.com" rt=0.000 ua="unix:/var/run/php/php7.4-fpm.sock" us="502" ut="0.000" ul="0" cs=-
13.82.80.22 - - [07/Apr/2020:17:01:09 +0000] "POST /?YLMOLEVJL=PFAUFJAH HTTP/1.1" 502 150 "http://serdarwork.com/AQJZSEKEUM" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3" "13.82.80.22" "serdarwork.com" sn="serdarwork.com" rt=0.000 ua="unix:/var/run/php/php7.4-fpm.sock" us="502" ut="0.000" ul="0" cs=-
13.82.80.22 - - [07/Apr/2020:17:01:09 +0000] "POST /?GKSOBPJNDF=JVOWTILNZY HTTP/1.1" 502 552 "http://engadget.search.aol.com/search?q=AXYMJGL" "Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)" "13.82.80.22" "serdarwork.com" sn="serdarwork.com" rt=0.000 ua="unix:/var/run/php/php7.4-fpm.sock" us="502" ut="0.000" ul="0" cs=-
13.82.80.22 - - [07/Apr/2020:17:01:09 +0000] "POST /?KBTX=JZVYZOZ HTTP/1.1" 502 552 "http://www.usatoday.com/search/results?q=XATSR" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)" "13.82.80.22" "serdarwork.com" sn="serdarwork.com" rt=0.000 ua="unix:/var/run/php/php7.4-fpm.sock" us="502" ut="0.000" ul="0" cs=-
13.82.80.22 - - [07/Apr/2020:17:01:09 +0000] "POST /?ULKJKF=PCBGYG HTTP/1.1" 502 150 "http://www.google.com/?q=NWHNLVJOUF" "Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51" "13.82.80.22" "serdarwork.com" sn="serdarwork.com" rt=0.000 ua="unix:/var/run/php/php7.4-fpm.sock" us="502" ut="0.000" ul="0" cs=-
13.82.80.22 - - [07/Apr/2020:17:01:09 +0000] "POST /?IEUUIBIZ=UPCDOOI HTTP/1.1" 502 552 "http://engadget.search.aol.com/search?q=QHNCYS" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" "13.82.80.22" "serdarwork.com" sn="serdarwork.com" rt=0.000 ua="unix:/var/run/php/php7.4-fpm.sock" us="502" ut="0.000" ul="0" cs=-


Aynı saldırıyı devam ettirin, saldırıyı durdurmayın lütfen :) Böylece gerçek bir deneme yapmış oluruz.

Yukarıdaki loglara göre direk "/" şeklinde anasayfaya değil farklı sorgularla saldırıyorsunuz. Bende ? işareti bulunan sorguları blockladım buyrun atak anında durduruldu tüm istekler durduruldu:



Tespit edip durdurma sürecinde evet maalesef site kapalı kalabilir. Siz aynı saldırıyı değiştirmeden devam ettirdiğiniz sürece blocklanmaya devam eder.

Dediğim gibi "/" şeklinde ana dizine saldırsaydınız koruma bile eklemeyecektirm. Şu an ?samdams gibi sorgular olduğu için koruma eklemek zorundayım.


kullandığın kural bütün siteye uygulanamyormu?