1

the following bot has been attacking my application and I'm wondering how I go about blocking it at the firewall with AWS. It looks as if your able to include access but not block access. Does anybody know how to do this?

w00tw00t.at.blackhats.romanian.anti-sec:

Code Junkie
  • 7,602
  • 26
  • 79
  • 141

1 Answers1

0

What kind of attack is it exactly ? HTTP? Are you using a load balancer?

Here are some options:

  1. You an ssh to the machine that Elastic Beanstalk machine is using and pick up the IP address where that request is coming from. Look under /var/app/current/log. Then just block that IP address on the AWS security group.

  2. If it's a crawler you can look at creating a robots.txt file for your application. More information here: http://en.wikipedia.org/wiki/Robots.txt or something like this:

    User-agent: * # match all bots
Disallow: / # keep them out
Rico
  • 58,485
  • 12
  • 111
  • 141
  • Rico that appears to be an incorrect path to the logs, do you know if it changed? Also, would you happen to know where that .txt file would be placed in a maven app? – Code Junkie Feb 27 '14 at 03:55
  • /var/app/current/log is the path for a Rails application since you are running java look under /var/app or run a `ps -Af` and try to determine where the root of your java app is. Are you running the Tomcat stack from ElasticBeanstalk ? If yes you generally put your robots.txt under `Tomcat_DIR/webapps/ROOT/` – Rico Feb 27 '14 at 04:10
  • Yeah, although 9 years later, the ip addresses in the access log are the "load balancer" ip addresses, you need to save the traffic to S3 at the load balancer before TLS offload. – mckenzm Jul 19 '23 at 01:11