What to do with libwww-perl/5.79

Discussion in 'Security' started by jonathon, Jan 17, 2009.

  1. #1
    This has been hitting my website for a few days now, any know how i can stop this attack, i use both IP ban and robot file.

    [​IMG]

    Ip address: 221.139.104.105
     
    jonathon, Jan 17, 2009 IP
  2. norbert

    norbert Guest

    Messages:
    61
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #2
    If you use ip ban then you are already protected from this attack or not?
    To actually stop it you can check out from where the attack comes (logs) and inform the owner of the hacked machine or better the hosting company.
     
    norbert, Jan 18, 2009 IP
  3. jonathon

    jonathon Well-Known Member

    Messages:
    523
    Likes Received:
    18
    Best Answers:
    0
    Trophy Points:
    110
    #3
    [​IMG]

    [​IMG]

    All websites have begun too receive frequent hits from bots with different host names but the user agent is always like libwww-perl but with new end numbers, i emailed my host but no replys yet.
     
    jonathon, Jan 18, 2009 IP
  4. norbert

    norbert Guest

    Messages:
    61
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #4
    If there are really countless IPs from where these hits come then yes it makes no sense to try to block them.

    These attacks are on the http level. If you use the apache webserver and your website/applications are not too complex you can try mod_security to block those requests.

    Generally I would not create a blockage based on libwww-perl because this is used by many normal bots etc.

    Again, if there are not too many different IPs, I would check from where these attacks come and inform the ISP which is responsible for these IPs. But via telephone! not with email.
    (Btw, the robots.txt does not protect you from anything, it's only purpose is to inform, not to protect.)
     
    norbert, Jan 19, 2009 IP