Hello, so recently I got spammed by this vulnerability scanner. The HEAD is always the same, in regards to the $user_agent, *Jorgee*
** Alert 1498324205.1278330: - web,accesslog, 2017 Jun 24 17:10:05 (OSSEC AGENT) SRCIP->/var/log/nginx/access.log Rule: 31101 (level 5) -> 'Web server 400 error code.' 213.119.18.4 - - [24/Jun/2017:19:10:05 +0200] HEAD http://SRCIP:80/sql/phpmyadmin2/ HTTP/1.1 404 0 - Mozilla/5.0 *Jorgee* So i'm wondering if anyone has a good idea or rule how to block/ban these attempts? Kind regards, Fredrik -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
