ComboStrap - Ban (Scanning Protection)
About
combostrap will ban well-known path that bots are using to scan your server.
We enforce a shadow ban by performing a transparent redirect to the website home page.
For example, clicking on this well-known wordpress link wp-admin will send you to the home page (if you are not logged in).
It has the benefits:
- to preserve the resources of your server.
- to not telling explicitly to the attacker that they are banned.
- to not trigger any web monitoring alert because of a too high redirection rate.
Scanning Banned
Wordpress
Wordpress Scanning bans all path that contains wp-.
Example:
wp-json:api:flutter_woo:config_file
wp-content:plugins:wpdiscuz:themes:default:style-rtl.css
wp-admin
2020:wp-includes:wlwmanifest.xml
wp-content:start
wp-admin:css:start
Git
Git Scanning bans all path that starts with “git”
Example:
git:objects:
git:refs:heads:stable
git:logs:refs:heads:main
git:logs:refs:heads:stable
git:hooks:pre-push.sample
git:hooks:pre-receive.sample
SQL Injection
SQL Injection Scanning bans all path that contains sql statements
Examples:
db:oracle:long_or_1_utl_inaddr.get_host_address_chr_33_chr_126_chr_33_chr_65_chr_66_chr_67_chr_49_chr_52_chr_53_chr_90_chr_81_chr_54_chr_50_chr_68_chr_87_chr_81_chr_65_chr_70_chr_80_chr_79_chr_73_chr_89_chr_67_chr_70_chr_68_chr_33_chr_126_chr_33
1114_or_9176_cast_chr_113_chr_98_chr_98_chr_113_chr_113_select_case_when_9176_9176_then_1_else_0_end\text_chr_113_chr_118_chr_106_chr_98_chr_113_as_numeric_--_kted