Forum Discussion

Nimbostratus

Jul 05, 2013

Attack Signature for Wordpress Spam

The company I work for is being hammered by various distributed botnets that are sending us web traffic containing form posts intended for Wordpress. Basically, the bot nets are trying to post Wordpr...

app sec

BIG-IP Access Policy Manager (APM)

security

Torti

Cirrus

Jul 10, 2013

Hi,

I think, there are different ways to block such bot requests.

1. you can use the web scraping feature to detect bots - https://devcentral.f5.com/tech-tips/articles/more-web-scraping-bot-detection

2. you can use an irule to check the query for the parameter "comment". If it is inside --> redirect or response. But you have to be shure, there is no application using this parameter

3. define a parameter "comment" in the parameter list with a static value like "1" or anything else.

I dont know anything about writing attack signatures.

regards

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)