views:

54

answers:

2

My server is attacked like this

188.165.198.65 ./../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 28114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1"

How can I defend it with .htaccess file?

A: 

The best way to prevent this attack from succeeding is the recommendations from Apache security tips. They use Directory directive for that. Unfortunately that directive can't be used from .htaccess, so I propose using Files directive to protect your most sensitive files.

Basilevs
+1  A: 

You are being scanned for directory traversal vulnerabilities. It is very likely that these scans will return nothing, but it could also be the precursor to a compromise.

Without a doubt the best method to defend against this attack is using a Web Application Firewall like Mod_Security which I know for a fact has a rule set which looks for "..\..\" in all http requests and drops the request before it hits your application.

Father more mod_security provides logs which greatly aids law enforcement in the case of a successful comprise.

Rook