On one of my servers, 1000's of IPs were attacking and the load went high. After installing Comodo WAF, the attack was blocked. CSF blocked the IPs and that's working really great.
[Wed Jun 04 10:15:42.715508 2014] [:error] [pid 15537:tid 140507437016832] [client 107.150.59.78] ModSecurity: Access denied with code 403 (phase 2). Matched phrase “mozilla/4.0 (compatible; msie 6.0; win32)” at REQUEST_HEADERS:User-Agent. [file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “488”] [id “210800”] [msg “COMODO WAF: Request Indicates a Security Scanner Scanned the Site”] [data “mozilla/4.0 (compatible; msie 6.0; win32)”] [severity “CRITICAL”] [hostname “ib.adnxs.com”] [uri “/tt”] [unique_id “U48qDsZklOUAADyxoYMAAAET”]
[Wed Jun 04 10:18:26.814204 2014] [:error] [pid 17207:tid 140162197550848] [client 107.150.59.78] ModSecurity: Access denied with code 403 (phase 2). Matched phrase “mozilla/4.0 (compatible; msie 6.0; win32)” at REQUEST_HEADERS:User-Agent. [file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “488”] [id “210800”] [msg “COMODO WAF: Request Indicates a Security Scanner Scanned the Site”] [data “mozilla/4.0 (compatible; msie 6.0; win32)”] [severity “CRITICAL”] [hostname “ib.adnxs.com”] [uri “/tt”] [unique_id “U48qssZklOUAAEM3ST0AAAER”]
[Wed Jun 04 10:24:36.054047 2014] [:error] [pid 23233:tid 140160888993536] [client 107.150.59.78] ModSecurity: Access denied with code 403 (phase 2). Matched phrase “mozilla/4.0 (compatible; msie 6.0; win32)” at REQUEST_HEADERS:User-Agent. [file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “488”] [id “210800”] [msg “COMODO WAF: Request Indicates a Security Scanner Scanned the Site”] [data “mozilla/4.0 (compatible; msie 6.0; win32)”] [severity “CRITICAL”] [hostname “ib.adnxs.com”] [uri “/tt”] [unique_id “U48sJMZklOUAAFrButgAAABY”]
[Wed Jun 04 10:31:19.897136 2014] [:error] [pid 29973:tid 140162281469696] [client 107.150.59.78] ModSecurity: Access denied with code 403 (phase 2). Matched phrase “mozilla/4.0 (compatible; msie 6.0; win32)” at REQUEST_HEADERS:User-Agent. [file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “488”] [id “210800”] [msg “COMODO WAF: Request Indicates a Security Scanner Scanned the Site”] [data “mozilla/4.0 (compatible; msie 6.0; win32)”] [severity “CRITICAL”] [hostname “ib.adnxs.com”] [uri “/tt”] [unique_id “U48tt8ZklOUAAHUVlUYAAABK”]
[Wed Jun 04 10:31:23.038958 2014] [:error] [pid 29973:tid 140162270979840] [client 107.150.59.78] ModSecurity: Access denied with code 403 (phase 2). Matched phrase “mozilla/4.0 (compatible; msie 6.0; win32)” at REQUEST_HEADERS:User-Agent. [file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “488”] [id “210800”] [msg “COMODO WAF: Request Indicates a Security Scanner Scanned the Site”] [data “mozilla/4.0 (compatible; msie 6.0; win32)”] [severity “CRITICAL”] [hostname “ib.adnxs.com”] [uri “/tt”] [unique_id “U48tu8ZklOUAAHUVlzsAAABL”]
I just want to know what the nature of the attack was. Any help?