"liker.profile" spam bot
I'm not sure if anyone here runs any sort of host IDS or some other log analysis on their web logs, but I noticed an uptick in apache/httpd 404 errors similar to this:
Code:
84.240.9.6 - - [02/Jun/2014:03:36:49 -0700] "GET /++liker.profile_URL++ HTTP/1.0" 404 30425 "http://www.ocabj.net/++liker.profile_URL++" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.13014 YaBrowser/13.12.1599.13014 Safari/537.36"

Several weeks ago I implemented a custom OSSEC rule:

Code:
<rule id="101007" level="6">
  <if_sid>31101</if_sid>
  <regex>+liker\.profile_URL+</regex>
  <match>GET</match>
  <description>Link dropping spam bot.</description>
</rule>

Has anyone else come across this behavior in their environment? Has anyone else mitigated these bots? What was your method?
__________________
Distinguished Rifleman #1924 NRA Certified Instructor (Rifle and Metallic Cartridge Reloading) and RSO NRL22 Match Director at WEGC https://www.ocabj.net
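
Added example, not part of the original post: a standalone Python check that scans Apache combined-format lines for the `++liker.profile_URL++` marker in 404'd GET requests and counts them per client address. The function names, the percent-decoding step, and the sample lines (documentation addresses and example.com) are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache "combined" format, as in the log line quoted in the post.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
# Literal marker; "+" and "." are escaped so they match as plain text.
MARKER = re.compile(r"\+\+liker\.profile_URL\+\+")

def find_hits(lines):
    """Return (ip, path) for GET requests answered 404 that carry the marker."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format line
        if m["method"] != "GET" or m["status"] != "404":
            continue
        # Decode %2B etc. so a percent-encoded marker is caught too (added precaution).
        path, referer = unquote(m["path"]), unquote(m["referer"])
        if MARKER.search(path) or MARKER.search(referer):
            hits.append((m["ip"], path))
    return hits

def hits_by_ip(lines):
    """Count marker requests per client address, e.g. to review before blocking."""
    return Counter(ip for ip, _ in find_hits(lines))

# Constructed sample lines (documentation addresses, not real traffic).
UA = '"Mozilla/5.0 (constructed sample agent)"'
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jun/2014:03:36:49 -0700] "GET /++liker.profile_URL++ HTTP/1.0" '
    '404 30425 "http://www.example.com/++liker.profile_URL++" ' + UA,
    '203.0.113.7 - - [02/Jun/2014:03:37:02 -0700] "GET /%2B%2Bliker.profile_URL%2B%2B HTTP/1.0" '
    '404 30425 "-" ' + UA,
    '192.0.2.10 - - [02/Jun/2014:04:01:15 -0700] "GET /blog/++liker.profile_URL++ HTTP/1.1" '
    '404 30425 "-" ' + UA,
    '198.51.100.4 - - [02/Jun/2014:04:05:00 -0700] "GET /favicon.ico HTTP/1.1" 404 512 "-" ' + UA,
    '198.51.100.4 - - [02/Jun/2014:04:05:01 -0700] "GET / HTTP/1.1" 200 8841 "-" ' + UA,
    "truncated or non-combined line",
]

if __name__ == "__main__":
    for ip, count in hits_by_ip(SAMPLE_LOG).most_common():
        print(ip, count)
```
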