For the last 24 hours I have been getting pummeled from 1000's of ips all targeting the same uri attempting a sql injection exploit. I have atomic mod_ security rules in place which are working fine and successfully blocking all the attempts. Of course I want these ips blocked, but obviously useless. I have CSF installed and as a result of the number of max ips allowed in iptables, my table is cycling constantly.
Is there anything else I can do to stop this attack, or am I left to just letting it end on it's own?
SQL injection attack IP tables cycling
Re: SQL injection attack IP tables cycling
If it's a forum that is PHP based consider installing Suhosin for additional protection and ensure your software is up to date. Check a portion of the IP's and consider using country blocks as opposed to individual blocks, this can make a huge difference.