Mitchell Krog
> Seems like a great utility! But unfortunately no longer works, since Twitter now only supports API v2 for the "lower tier" API access levels. > > Any chance that...
Excellent, thanks so much Patrick, works like a charm adding those to the parameters.
Those attack strings are very difficult to block. I started trying to work on a regex for detecting that some time ago, but it's so complex and those strings change...
@extensionsapp I don't know of any Fail2Ban jail currently that will catch any of these. I've posted a question on Stack to see if some regex genius can figure out...
Thanks @extensionsapp I'll try that out. Will let you know if I get any answer on Stack for actually detecting these complex strings like this. ``` \x03\x00\x00)$\xE0\x00\x00\x00\x00\x00 \x03\x00\x00)$\xE0\x00\x00\x00\x00\x00 \x16\x03\x01\x01\x22\x01\x00\x01\x1E\x03\x03\xB2\xF2\x5CF\x0C\xD8eb\x92m\x19\xBB\x81\xCE\x90\x9C\xC5\x90r+\x98@\xC00\x1AS4\xF3\xB9\x86\xF6\xC2\x00\x00\x88\xC00\xC0,\xC0(\xC0$\xC0\x14\xC0 Gh0st\xAD\x00\x00\x00\xE0\x00\x00\x00x\x9CKS``\x98\xC3\xC0\xC0\xC0\x06\xC4\x8C@\xBCQ\x96\x81\x81\x09H\x07\xA7\x16\x95e&\xA7*\x04$&g+\x182\x94\xF6\xB000\xAC\xA8rc\x00\x01\x11\xA0\x82\x1F\x5C`&\x83\xC7K7\x86\x19\xE5n\x0C9\x95n\x0C;\x84\x0F3\xAC\xE8sch\xA8^\xCF4'J\x97\xA9\x82\xE30\xC3\x91h]&\x90\xF8\xCE\x97S\xCBA4L?2=\xE1\xC4\x92\x86\x0B@\xF5`\x0CT\x1F\xAE\xAF]...
@extensionsapp well done, I would never have figured that out 🥇
Nice one @extensionsapp I will try it out. Someone on Stack Exchange posted this Regex for me, do you want to try it out too?? `^(?:(?:\w+)?\\x[^\\\n]+)+|(?:%[A-F0-9]{2})+$`
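The regex quoted in the comment above, run over access-log lines to list the client IPs a Fail2Ban-style filter would flag. This is an added example, not part of the original comments: the nginx "combined" log layout, the `flag_clients` name and the sample lines (documentation IP ranges, constructed timestamps) are assumptions.

```python
import re
from collections import Counter

# Regex exactly as quoted in the comment above. Note the top-level "|":
# the first branch is anchored at the start, the second at the end.
SUSPICIOUS = re.compile(r'^(?:(?:\w+)?\\x[^\\\n]+)+|(?:%[A-F0-9]{2})+$')

# Assumed nginx "combined" layout: ip - user [time] "request" status bytes ...
# nginx writes non-printable bytes as \xHH and a literal quote as \x22,
# so the request field can be read up to the next double quote.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = r'''
203.0.113.7 - - [10/Oct/2017:13:55:36 +0000] "\x03\x00\x00)$\xE0\x00\x00\x00\x00\x00" 400 173 "-" "-"
198.51.100.4 - - [10/Oct/2017:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2017:13:56:02 +0000] "\x16\x03\x01\x01\x22\x01\x00\x01" 400 173 "-" "-"
198.51.100.4 - - [10/Oct/2017:13:56:10 +0000] "GET /search?q=caf%C3%A9 HTTP/1.1" 200 845 "-" "Mozilla/5.0"
192.0.2.99 - - [10/Oct/2017:13:57:00 +0000] "Gh0st\xAD\x00\x00\x00\xE0\x00\x00\x00x\x9CKS" 400 173 "-" "-"
'''


def flag_clients(log_text):
    """Return a Counter of client IP -> number of requests matching SUSPICIOUS."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        # Only the request field is tested, so \x sequences in the
        # referrer or user-agent fields do not trigger a hit.
        if m and SUSPICIOUS.search(m.group('request')):
            hits[m.group('ip')] += 1
    return hits


if __name__ == '__main__':
    for ip, count in flag_clients(SAMPLE_LOG).most_common():
        print(f'{ip}\t{count}')
```

The ordinary request with a percent-encoded query is not flagged because the second branch only matches `%XX` runs at the very end of the request field.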
Another option with Nginx is
```
add_header Allow "GET, POST, HEAD" always;
if ( $request_method !~ ^(GET|POST|HEAD)$ ) {
    return 405;
}
```
.... in all my logs these requests...
@extensionsapp very true but changing that to
```
add_header Allow "GET, POST, HEAD" always;
if ( $request_method !~ ^(GET|POST|HEAD)$ ) {
    return 444;
}
```
would just drop the connection...
I do agree that catching these with Fail2Ban and blocking them at IPTables level is first prize. Then things like my [Fail2Ban Perma-Ban filter](https://github.com/mitchellkrogza/Fail2Ban-Blacklist-JAIL-for-Repeat-Offenders-with-Perma-Extended-Banning) can also ban them for extended...