Layer7 Attack Mitigation Development

XURY

Member
May 9, 2015
60
96
53
Hello r4p3rs :)!

This is intended for beginners :)
Just in case you're wondering why I'm showing obvious ways to mitigate Layer7 attacks ;)

Today I wanted to show you an easy way to mitigate Layer7 attacks once you'll be victim of one!

First step:
Go to /var/log/nginx or /var/log/apache2 on your server and open the access log file as soon as the attack stops or slows down.

Second step:
Search for reoccuring strings.

Third step:
Immediately ban/blackhole websites that access your server with the previously discovered string.

Example:
http://thsec.net/mitigate-layer7-attacks/layer7-request-sample.php

As assumed by dedmen you probably won't know how to blackhole servers. Just in case you really don't know it there's a tutorial!

You're done :)!
 
Last edited:

Qraktzyl

Retired Staff
Contributor
Nov 2, 2015
997
728
161
What about
Code:
server {
...
if ($http_user_agent ~ WordPress) { return 444; }
...
}
with nginx?
 

XURY

Member
May 9, 2015
60
96
53
What about
Code:
server {
...
if ($http_user_agent ~ WordPress) { return 444; }
...
}
with nginx?
I'm not familiar with nginx so that might work. Don't know if a request still gets into cache when thrown 444.
 
Top