Linode Community Forums
 


Continuous attacks to my linode


 
       Linode Forum Index -> Linux Networking
Author Message
hgtesta



Joined: 21 Jan 2011
Posts: 1

Posted: Fri Jan 21, 2011 9:50 pm    Post subject: Continuous attacks to my linode  

Hi all,

For almost a year, I have seen requests like this in my Ruby on Rails application log:

Started GET "/webadmin/scripts/setup.php" for 72.167.252.231 at Sat Jan 15 19:33:56 +0000 2011
ActionController::RoutingError (No route matches "/webadmin/scripts/setup.php"):

Started GET "/webdb/scripts/setup.php" for 72.167.252.231 at Sat Jan 15 19:33:56 +0000 2011
ActionController::RoutingError (No route matches "/webdb/scripts/setup.php"):

Started GET "/fastenv" for 178.162.165.21 at Wed Jan 19 10:14:53 +0000 2011
ActionController::RoutingError (No route matches "/fastenv"):

Started GET "/webdav/" for 50.22.21.218 at Thu Jan 20 19:27:09 +0000 2011
ActionController::RoutingError (No route matches "/webdav"):

This is annoying, because these attacks eat resources from my linode. My first idea was to block these IPs with iptables. But the IPs used in these attacks rarely repeat; I have found more than 40 different IP numbers in the log file. So now I am inclined to use URL filtering, denying requests to ".php" pages and some specific URLs.

I know iptables isn't the right tool for this; would squid be the best choice?

Thank you,

Henrique
hoopycat



Joined: 30 Aug 2008
Posts: 1294
Location: Rochester, New York

Posted: Sat Jan 22, 2011 12:11 am    Post subject:  

If handling nonexistent URLs is eating significant resources, your best choice would be to streamline your 404 handling somehow. You're on the Internet; there's some tens of millions of computers infected with worms or hijacked by botnets, and you'll never block them all.
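One way to streamline the 404 handling discussed above, as an added example that is not code from any poster in this thread: a Rack middleware that answers the probe paths from the log excerpt with a static 404 before the request reaches the Rails router and its RoutingError handling. The class name `ProbeFilter`, the helper `demo_probe_filter`, and the assumption that the application serves no `.php` URLs of its own are hypothetical.

```ruby
# Added example (hypothetical names): cheap 404 for scanner probes in a Rack app.
class ProbeFilter
  # Prefixes taken from the log excerpt in the first post.
  PROBE_PREFIXES = %w[/webadmin /webdb /fastenv /webdav].freeze
  # Assumption: the app itself serves no PHP, so any *.php path is a probe.
  PHP_SUFFIX = /\.php\z/i
  BODY = "Not Found\n".freeze

  attr_reader :total, :rejected

  def initialize(app, prefixes: PROBE_PREFIXES)
    @app = app
    @prefixes = prefixes
    # Plain integer counters: never key a hash by attacker-chosen paths,
    # or the filter itself becomes a memory-growth problem.
    @total = 0
    @rejected = 0
    @lock = Mutex.new
  end

  def call(env)
    path = env["PATH_INFO"].to_s.squeeze("/") # treat "//webdav" like "/webdav"
    probe = probe?(path)
    @lock.synchronize { @total += 1; @rejected += 1 if probe }
    return @app.call(env) unless probe
    # Fresh response each time so later middleware may safely mutate headers.
    [404, { "Content-Type" => "text/plain", "Content-Length" => BODY.bytesize.to_s }, [BODY]]
  end

  def probe?(path)
    return true if path.match?(PHP_SUFFIX)
    # Match whole path segments only, so "/webdavis" still reaches the app.
    @prefixes.any? { |p| path == p || path.start_with?("#{p}/") }
  end

  # Fraction of requests rejected, for comparing against a noise threshold.
  def probe_share
    @total.zero? ? 0.0 : @rejected.to_f / @total
  end
end

# Constructed sample requests: the four probe paths from the log plus two
# legitimate-looking paths. Returns the status codes and the probe share.
def demo_probe_filter
  app = ->(env) { [200, { "Content-Type" => "text/plain" }, ["app: #{env['PATH_INFO']}"]] }
  filter = ProbeFilter.new(app)
  paths = %w[/webadmin/scripts/setup.php /webdb/scripts/setup.php /fastenv /webdav/ /posts/1 /webdavis]
  [paths.map { |p| filter.call("REQUEST_METHOD" => "GET", "PATH_INFO" => p).first }, filter.probe_share]
end

p demo_probe_filter if __FILE__ == $PROGRAM_NAME
```

In a Rails application the middleware would be registered ahead of the rest of the stack, for example with `config.middleware.insert_before 0, ProbeFilter`.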
vonskippy



Joined: 27 Dec 2009
Posts: 469
Location: Colorado, USA

Posted: Sat Jan 22, 2011 1:12 am    Post subject:  

There's always crud on the net hitting your server.

Unless it's targeted, or a ton of traffic, it's not worth worrying about or trying to prevent.

Pick a percentage (for me, it's 5% of my web traffic) and if it's less than that, just ignore it.