Block LIBWWW-PERL and web addresses to protect your site from botnets

Not only do I block all accesses from libwww-perl, I also log what they were looking for, which turns up an amazing number of botnet hits on a daily basis, just randomly hitting websites trying to find a way inside.

The first trick to securing your site from the script kiddies is to block any user agent that contains “libwww-perl”, which will stop the dumb ones from owning your site.

Try adding this to your .htaccess file (mod_rewrite must be available and switched on with RewriteEngine On):

RewriteCond %{HTTP_USER_AGENT} libwww [NC]
RewriteRule ^ - [F]

The next trick is to filter out things in your QUERY_STRING such as “=http:”, which is typical in the botnet scripts that attempt to upload files to vulnerable software. This won’t impact most other applications because file uploads tend to be done via a form and a POST, not a GET request.
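A pre-deployment check for the two rules above, as an added example that is not from the original post: it replays both conditions over access-log lines in Apache's combined format to show which paths would be blocked and which query-string matches come from ordinary browsers. The sample log lines are constructed, and the `RewriteCond %{QUERY_STRING}` form in the comment is an assumption, since the post gives no directive for that rule.

```python
import re
from collections import Counter

# Apache combined log format; only the request target and user agent are used.
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
# The post's two conditions; mod_rewrite's [NC] flag maps to re.IGNORECASE.
UA_RULE = re.compile(r"libwww", re.IGNORECASE)  # RewriteCond %{HTTP_USER_AGENT} libwww [NC]
QS_RULE = re.compile(r"=http:", re.IGNORECASE)  # assumed: RewriteCond %{QUERY_STRING} =http: [NC]

def classify(line):
    """Return (path, reasons); reasons is empty when neither rule matches."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None, []          # not a combined-format line
    path, _, query = m["target"].partition("?")
    reasons = []
    if UA_RULE.search(m["agent"]):
        reasons.append("user-agent")
    if QS_RULE.search(query):    # raw query string, as mod_rewrite sees it
        reasons.append("query-string")
    return path, reasons

def summarize(lines):
    """Tally would-be-blocked requests per path; collect query-only hits for review."""
    blocked, review = Counter(), []
    for line in lines:
        path, reasons = classify(line)
        if not reasons:
            continue
        blocked[path] += 1
        if reasons == ["query-string"]:
            review.append(line)  # ordinary client: check it is not a site feature
    return blocked, review

# Constructed sample lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=http://example.invalid/a.txt HTTP/1.1" 404 210 "-" "libwww-perl/5.805"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /forum/view.php HTTP/1.1" 404 210 "-" "libwww-perl/5.805"',
    '198.51.100.5 - - [01/Jan/2024:10:01:00 +0000] "GET /login?next=http://www.example.com/account HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.6 - - [01/Jan/2024:10:02:00 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    blocked, review = summarize(SAMPLE_LOG)
    for path, count in blocked.most_common():
        print(f"{count:4d}  {path}")
    print("review before deploying the query-string rule:", *review, sep="\n  ")
```

Run it against a real access log by passing the open file to `summarize`; any line in the review list is a request from a non-libwww client that the query-string rule would start answering with 403.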

With these 2 minor security changes you’ve eliminated many vulnerabilities from botnet attackers and blocked their method of uploading files.

It’s not 100% but it may be enough to help you survive the next time your Open Source application gets a vulnerability until you can actually apply the patch.

Taken from http://incredibill.blogspot.com/