XURY
Member
- May 9, 2015
- 60
- 96
- 53
Hello r4p3rs 
!
Today I wanted to show you an easy way to mitigate Layer7 attacks once you'll be victim of one!
First step:
Go to /var/log/nginx or /var/log/apache2 on your server and open the access log file as soon as the attack stops or slows down.
Second step:
Search for reoccuring strings.
Third step:
Immediately ban/blackhole websites that access your server with the previously discovered string.
Example:
http://thsec.net/mitigate-layer7-attacks/layer7-request-sample.php
As assumed by dedmen you probably won't know how to blackhole servers. Just in case you really don't know it there's a tutorial!
You're done!
!This is intended for beginners
Just in case you're wondering why I'm showing obvious ways to mitigate Layer7 attacks
Just in case you're wondering why I'm showing obvious ways to mitigate Layer7 attacks
Today I wanted to show you an easy way to mitigate Layer7 attacks once you'll be victim of one!
First step:
Go to /var/log/nginx or /var/log/apache2 on your server and open the access log file as soon as the attack stops or slows down.
Second step:
Search for reoccuring strings.
Third step:
Immediately ban/blackhole websites that access your server with the previously discovered string.
Example:
http://thsec.net/mitigate-layer7-attacks/layer7-request-sample.php
As assumed by dedmen you probably won't know how to blackhole servers. Just in case you really don't know it there's a tutorial!
You're done
!
Last edited:
I added a tutorial ^^ Thanks