Hello,

I am getting the following in my /var/log/apache2/access.log. It is an attack I believe, as it has "http://";. Please correct me if I am wrong. They have correctly identified my domain name also. Is it possible to prevent these by installing and configuring modsecurity ? Please suggest. Thanks.

146.0.72.182 - - [17/Jul/2014:23:37:27 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:29 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:30 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:30 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:31 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:32 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:33 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2" 146.0.72.182 - - [17/Jul/2014:23:37:33 +0000] "POST http://MY-DOMAIN.COM/wp-login.php/ HTTP/1.1" 200 3968 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.2) Gecko/2008091620 Firefox/3.0.2"

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to