Apache

How to Block libwww-perl Attack in Apache Web Server

block-libwww-perl-in-apache
mm
Written by Santosh Prasad

These days hackers, spammers, bots are keeping growing very fast. Now time has come when you need to became mindful. libwww-perl is a www client/server library for perl which is used by hackers, spammers, bots to perform attack on your website. So you need to secure your web server.

In this article I will show how you can block libwww-perl attack in Apache web server.

Block libwww-perl Attack

First of all you have to check your Apache access log to confirm libwww-perl attack.

# grep "libwww-perl" /var/log/httpd/access.log

You will some output like below:

- - - [07/Nov/2017:05:10:15 -0600] "GET / HTTP/1.1" 200 162 "-" "libwww-perl/5.833" rt=0.003 ut=- [for 127.0.0.1 via - from 127.0.0.1]
- - - [07/Nov/2017:05:15:09 -0600] "GET / HTTP/1.1" 200 162 "-" "libwww-perl/5.833" rt=0.004 ut=- [for 127.0.0.1 via - from 127.0.0.1]
- - - [07/Nov/2017:05:15:10 -0600] "GET / HTTP/1.1" 200 162 "-" "libwww-perl/5.833" rt=0.004 ut=- [for 127.0.0.1 via - from 127.0.0.1]

Above you can see someone is trying to attack your host and exploit security. You can also see that libwww perl/5.833 as browser name.

Now you have to block libwww-perl (LWP ) attack or you can also run your web server in chrooted jail.

Block libwww-perl under Apache web server

To block libwww-perl under Apache you need to access your web-server and go to document root directory in my case my web server document root directory is /var/www/htm/ and find the .htaccess file and edit this file like below:

# vim /var/www/html/.htaccess
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} libwww-perl.*
RewriteRule .* – [F,L]

If due to some reason above code does not work use below code:

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots

Verify that User-Agent libwww-perl is blocked

To verify that user-agent libwww-perl is blocked or not just create a perl script called ” test_libwww.pl ” add add the below content in it:

#!/usr/bin/perl

# Simple LWP browser for testing

use LWP::UserAgent;

$ua = LWP::UserAgent->new;

$ua->agent("$0/0.1 " . $ua->agent);

# $ua->agent("Mozilla/8.0") # pretend we are very capable browser

$req = HTTP::Request->new(GET => 'http://your-example.com/');

$req->header('Accept' => 'text/html');

# send request

$res = $ua->request($req);

# check the outcome

if ($res->is_success) {

print $res->content;

} else {

print "Error: " . $res->status_line . "\n";

}

Please replace your domain name with your domain name and save file. Now make this script executable typing below command:

# chmod +x test_libwww.pl

Now execute the script:

# ./test_libwww.pl

You will get some output like below:

Error: 403 Forbidden

If you get above output means your sever is safe from libwww-perl attack.

Thanks:)

Thank you! for visiting Look Linux.

If you find this tutorial helpful please share with your friends to keep it alive. For more helpful topic browse my website www.looklinux.com. To become an author at Look Linux Submit Article. Stay connected to Facebook.

About the author

mm

Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool article for you. If you have any query and suggestion please comment in comment section.

Leave a Comment