
Is there a list of popular attack vector urls located somewhere? I want to just auto-ban anyone sniffing for .env or ../../../../ etc.

Rather not write it myself



check out the lists in this repo

https://github.com/danielmiessler/SecLists/blob/master/Disco...

I combined a few of the most interesting lists from here into one and never miss an attack now


It would be a fairly short Perl script to read the access logs and curl a HEAD request to all URLs accessed, printing only those with 200 OK responses.

Here's a start hacked together and tested on my phone:

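    perl -lnE 'if (m{GET ([^ ]+)}) {
        my $p = $1;
        # Log paths are attacker-controlled: run curl via list-form open, with no shell
        open(my $c, "-|", "curl", "-sI", "https://BASE_URL$p") or next;
        my $s = <$c> // "";
        close $c;
        # Print the paths that did not answer 200 or 302
        say $p unless $s =~ /200|302/;
    }'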


Also interested in this. For now I've left a server up for a couple of weeks, went through the logs and set up fail2ban for the most common offenders. Once a month or so I keep checking for offenders but the first iteration already blocked many of them.
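An added example, not part of any comment in this thread: one way to pull ban candidates out of an access log for the two probes named in the question (`.env` and `../`), including percent-encoded traversal. It assumes common/combined log format; the function names, the threshold of 2 hits and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common/combined log format: client IP ... "METHOD path PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# The two probes named in the question: .env files and ../ traversal.
PROBE_RE = re.compile(r'(?:^|/)\.env(?:[./?]|$)|\.\.[/\\]')

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /.env HTTP/1.1" 404 162',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /download?file=..%2f..%2fetc%2fpasswd HTTP/1.1" 404 162',
    '198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET /docs/environment.html HTTP/1.1" 200 2048',
    '192.0.2.44 - - [10/Oct/2023:13:57:10 +0000] "GET /%252e%252e%252f%252e%252e%252fetc/passwd HTTP/1.1" 400 0',
    '192.0.2.44 - - [10/Oct/2023:13:57:11 +0000] "GET /backup/.env.bak HTTP/1.1" 200 311',
    '192.0.2.9 - - [10/Oct/2023:13:58:00 +0000] "GET /.env HTTP/1.1" 404 162',
]

def decode(path, rounds=3):
    """Percent-decode up to `rounds` times so %2e%2e%2f and %252e%252e%252f are caught."""
    for _ in range(rounds):
        nxt = unquote(path)
        if nxt == path:
            break
        path = nxt
    return path

def is_probe(path):
    """True if the decoded request path matches one of the probe signatures."""
    return bool(PROBE_RE.search(decode(path)))

def scan(lines, threshold=2):
    """Return (IPs with >= threshold probe hits, probes that were answered with 200)."""
    hits, exposed = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_probe(m["path"]):
            continue
        hits[m["ip"]] += 1
        if m["status"] == "200":  # the probed file was actually served
            exposed.append((m["ip"], m["path"]))
    return sorted(ip for ip, n in hits.items() if n >= threshold), exposed

if __name__ == "__main__":
    ban, exposed = scan(SAMPLE_LOG)
    print("ban candidates:", ban)
    print("probes answered with 200:", exposed)
```

The second list is worth reviewing before banning anything: a probe that got a 200 means the file is reachable and should be removed or blocked at the server.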


Check out ModSecurity WAF and Core Rule Set.



