Hi Theodoros,

On Wed, 23/06/2010 at 07.48 +0200, Theodoros Theodoropoulos wrote:
> Lately we have several attempts from an agent named 'czxt2s' that
> repeatedly tries to inject a certain SQL code into the url of our
> invenio server. The injection is unsuccessful, but an exception is
> produced every time. Where could I put some code to deny access to our
> server from that specific agent?
>
>
> The produced exception, follows: (the ip is different every time)
>
> >>> Registered exception
> 2010-06-22 23:19:22 -> ValueError: invalid literal for int(): 1' And
> char(124)+(Select Cast(Count(1) as varchar(8000))+char(124) From
> [sysobjects] Where 1=1)>0 and ''='

interesting attempt! :-)

I just came across something yesterday that might be useful for your
case:

<http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html>

At the bottom there is exactly an example on how to filter out, directly
in Apache, bots by matching them by User-Agent:

[...]
SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
<Directory /docroot>
    Order Deny,Allow
    Deny from all
    Allow from env=let_me_in
</Directory>
[...]

On the other hand, to pro-actively defend your server from future
attacks you might take a look at mod_security:

<http://www.modsecurity.org/>

Cheers,
    Sam
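
The example quoted in the reply above admits only the matching agent. Inverted to deny a single agent, as the question asks, it would look like this in Apache 2.2 syntax (an added example, not part of the original message; the variable name block_agent is an assumption, and /docroot is the placeholder path from the quoted example):

```apache
# Added example for Apache 2.2 (mod_setenvif + mod_authz_host).
# Tag every request whose User-Agent contains "czxt2s", ignoring case.
# block_agent is an assumed variable name; any unused name works.
SetEnvIfNoCase User-Agent "czxt2s" block_agent

<Directory /docroot>
    # Order Allow,Deny: Allow rules are evaluated first, then Deny rules.
    # A request that matches both is denied, so the tagged agent is
    # refused with 403 while every other client is still served.
    Order Allow,Deny
    Allow from all
    Deny from env=block_agent
</Directory>
```

The User-Agent header is chosen by the client, so this rule blocks the tool only for as long as it keeps sending that string.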