locked
Best answer to PHP attacks... RRS feed

  • Question

  • User753101303 posted

    Hi,

    We have sometimes PHP requests to our ASP.NET apps to find out installed products etc... For now we do nothing special which ends up with a 404 Not Found response.

    I wondered if there is something special we could do about that such as :
    - using some other http status code which could discourage further probing (403 Forbidden ?)
    - and/or maybe to add a delay to slow them down

    Thanks in advance.

    Thursday, June 6, 2019 2:05 PM

Answers

  • User753101303 posted

    Since then I noticed in particular 403.50x which seems to be used by the IIS Dynamic IP restrictions module. I'll likely go in this direction, hoping that most scanners are trying to optimize their snooping effort by slowing down, postponing or lowering the scan frequency for sites returning this kind of "IP blocked" status.

    Thanks Mike.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 6, 2019 5:28 PM

All replies

  • User-821857111 posted

    If I think that a request is intrusive or malicious, I tend to respond with 400. I always think (rightly or wrongly) that 401 and 403 might actually encourage further snooping.  

    Thursday, June 6, 2019 3:16 PM
  • User753101303 posted

    Since then I noticed in particular 403.50x which seems to be used by the IIS Dynamic IP restrictions module. I'll likely go in this direction, hoping that most scanners are trying to optimize their snooping effort by slowing down, postponing or lowering the scan frequency for sites returning this kind of "IP blocked" status.

    Thanks Mike.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, June 6, 2019 5:28 PM