Brute Force Attack on Web Service
We found there are couple thousand of the following message in the past two days. Every now and then the webpage return internal error and we suspect this is related.
We trace the IP address is back to inMotionHosting and we try to make sense of it what is happening?
Could you please kindly assist?
Message found within ERROR_LOG file which can be found under apache
[Wed Jun 12 21:40:01 2013] [error] [client 74.124.219.74] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "62"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "canopyvalley.com"] [uri "/index.php"] [unique_id "UblNIUp820oAAHSkHaUAAAAk"]
We trace the IP address is back to inMotionHosting and we try to make sense of it what is happening?
Could you please kindly assist?
Message found within ERROR_LOG file which can be found under apache
[Wed Jun 12 21:40:01 2013] [error] [client 74.124.219.74] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "62"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname "canopyvalley.com"] [uri "/index.php"] [unique_id "UblNIUp820oAAHSkHaUAAAAk"]
