For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dan_103700's avatar
Dan_103700
Icon for Nimbostratus rankNimbostratus
Jul 05, 2013

Attack Signature for Wordpress Spam

The company I work for is being hammered by various distributed botnets that are sending us web traffic containing form posts intended for Wordpress. Basically, the bot nets are trying to post Wordpr...
app sec
BIG-IP Access Policy Manager (APM)
security
Torti's avatar
Torti
Icon for Cirrus rankCirrus
Jul 10, 2013
Hi,

 

 

I think, there are different ways to block such bot requests.

 

1. you can use the web scraping feature to detect bots - https://devcentral.f5.com/tech-tips/articles/more-web-scraping-bot-detection

 

2. you can use an irule to check the query for the parameter "comment". If it is inside --> redirect or response. But you have to be shure, there is no application using this parameter

 

3. define a parameter "comment" in the parameter list with a static value like "1" or anything else.

 

 

I dont know anything about writing attack signatures.

 

 

 

regards