Brute Force Attack on Web Service

  • Answered
We found there are couple thousand of the following message in the past two days. Every now and then the webpage return internal error and we suspect this is related.

We trace the IP address is back to inMotionHosting and we try to make sense of it what is happening?

Could you please kindly assist?

Message found within ERROR_LOG file which can be found under apache
[Wed Jun 12 21:40:01 2013] [error] [client] ModSecurity: Access denied with code 406 (phase 2). Match of "rx ^apache.*perl" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "62"] [id "990011"] [msg "Request Indicates an automated program explored the site"] [severity "NOTICE"] [hostname ""] [uri "/index.php"] [unique_id "UblNIUp820oAAHSkHaUAAAAk"]
Hello CanopyValley, Thank you for your question about brute force attack on web service. It appears that something within your code is probably parsing through the site and it's triggering the mod security rule. You can find and disable specific mod security rules and I did request a systems person review it and go ahead and disable the specific rule for you. This will hopefully resolve the issue you're seeing. If you have any further question or issue with this action please let us know. Make sure you review the article on finding and disabling the specific mod security rules if you require more information. Regards, Arnel C.