foxhound |
|
---|---|
You all know these kind of rules in the system log: A variable type check failed, expecting G/ALP for 'e' : http://www.mystupidurl.com/xxxx/weee.txt? - /plug.php?e=http://www.mystupidurl.com/xxxx/weee.txtt?&something=www.myownwebsite/plug.php?e=¶=xxxxxxxx
If you execute this part of the url: www.myownwebsite/plug.php?e=¶=xxxxxxxx you get a 950 error message like this: An error occured, maybe a wrong URL? Redirecting...
Right now I am trying to make a rewrite rule which should redirect the traffic when he uses "plug.php?e=¶=xxxxxxxx" but the thing is, the rewrite rule is "overruled" by the default cotonti response. So, no matter the rewrite condition it will never redirect except for the default action (redirect to homepage). RewriteCond %{QUERY_STRING} ^xxxxxxxx$ [NC] RewriteRule plug.php http://myfunnydomain.boe [L] Anyone has a tip how I can force the redirect to work so the person using this kind of stuff gets redirected to another domain (dont worry, its a domain setup specially for this by a friend of mine, I am not going to punish someone else).
Added 1 hour later: Sorry for the bother, although not as I wanted (no token to block all instances of "xxxxxxxx" I got it to work, redirecting him to his own server :) <img src="http://www.armaholic.com/datas/thumbs/green-sea-battalion-uniforms-version-03-preview_4.jpg" alt="green-sea-battalion-uniforms-version-03-" />
|
|
This post was edited by foxhound (2012-03-12 23:54, 12 years ago) |
GHengeveld |
|
---|---|
I believe your RewriteCond only matches the exact 'xxxxxxxx' string, not if it's preceded by something else (e.g. plug.php&e=¶=). This is because ^ indicates the beginning of the string, while $ indicates the end. Actually I think you don't need a RewriteCond at all. Can you explain what you're trying to achieve here? I'm having a hard time understanding the exact problem. |
foxhound |
|
---|---|
Some kid was sending us request after request continously trying an injection script. At first I ignored it cause it was catched by the logs but when he/she managed to crash apache with the constant flow after like 4 days it was time for some contra actions. This is what I did: RewriteCond %{QUERY_STRING} ^id=¶=xxxxxxxxxxxxx$ [NC] RewriteRule page.php http://127.0.0.1/index.php? [NS,S,L] RewriteCond %{QUERY_STRING} ^e=¶=xxxxxxxxxxxxx$ [NC] RewriteRule plug.php http://127.0.0.1/index.php? [NS,S,L]
Redirecting to a local IP hoping it would flow back on his own server. This solved the issue and he is hardly coming through at the site anymore but still trying so I think he has not yet figured out the traffic he is sending in is redirected. <img src="http://www.armaholic.com/datas/thumbs/green-sea-battalion-uniforms-version-03-preview_4.jpg" alt="green-sea-battalion-uniforms-version-03-" />
|
GHengeveld |
|
---|---|
Cotonti has the Shield feature this type of thing. Try enabling that. Also you could just ban his IP address from accessing your site. |
foxhound |
|
---|---|
Yeah, I see I have not enabled those. Added 2 days later:
I enabled this and used the default settings (Adjust Shield timers (in %) : 100 and Anti-hammer after * fast hits : 25). Thanks for the tip, I can see a lot of bans so it is doing its job. <img src="http://www.armaholic.com/datas/thumbs/green-sea-battalion-uniforms-version-03-preview_4.jpg" alt="green-sea-battalion-uniforms-version-03-" />
|
|
This post was edited by foxhound (2012-03-17 15:03, 12 years ago) |
ez |
|
---|---|
Maybe you could raise the after * hits count.. maybe ==- I say: Keep it EZ -==
|
foxhound |
|
---|---|
Sorry for the late reply, been busy with other things again (new venture, going to use Sienna for it). <img src="http://www.armaholic.com/datas/thumbs/green-sea-battalion-uniforms-version-03-preview_4.jpg" alt="green-sea-battalion-uniforms-version-03-" />
|