this post is in continuation to the thread here : http://garage4hackers.com/showthread.php?t=2581
Based on the details that i have gathered so far
Here is a htaccess code which you can use.
#Script kiddie blocker start #License: GPLv2 or later #License URI: http://www.gnu.org/licenses/gpl-2.0.htmlRewriteEngine On <IfModule mod_rewrite.c> RewriteCond %{HTTP_USER_AGENT} ^w3af.sourceforge.net [NC,OR] RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR] RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR] RewriteCond %{HTTP_USER_AGENT} SF [OR] RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR] RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR] RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR] RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR] RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR] RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR] RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR] RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR] RewriteCond %{HTTP:Acunetix-Product} ^WVS RewriteRule ^.* http://127.0.0.1 [R=301,L] </IfModule> #Script kiddie blocker End
This is a basic setup where we are redirecting these skiddies to there own system’s so that would be a fun to look at 😛
I will keep adding more and more enteries as time progresses
Nice share 🙂
Sir,
Dont you think dependence on HTTP_USER_AGENT is a bit trivial ? 🙂
Edit : i read #21 at g4h and found the reason; but still a good startup defense for actual tool hogs 🙂 (analogous to access lists though)
@rishabh, its actually analogous to access lists or mod security plugin. However considering a person is living on shared hosting environment there are already lots ot things to take care of and should not be worried by this. and most of the time these attacks are waste of resources.