Nginx

How to Block libwww-perl Attack in Nginx Web Server

These days hackers, spammers, bots are keeping growing very fast. Now time has come when you need to became mindful. libwww-perl is a www client/server library for perl which is used by hackers, spammers, bots to perform attack on your website. So you need to secure your web server. Nginx provide many ways to block unwanted traffic, you can use allow or deny rules or set a password protected directory or you can also block bad bots and avoid attack from HTTP user agent with GET or Post request.

In this article I will show how you can block libwww-perl attack in Nginx web server.

Block libwww-perl Attack in Nginx

First of all you have to check your Nginx access log to confirm libwww-perl attack.

# grep "libwww-perl" /var/log/nginx/access.log

- - - [07/Nov/2017:04:55:14 -0600] "GET / HTTP/1.1" 200 162 "-" "libwww-perl/5.833" rt=0.005 ut=- [for 127.0.0.1 via - from 127.0.0.1]
- - - [07/Nov/2017:05:00:11 -0600] "GET / HTTP/1.1" 200 162 "-" "libwww-perl/5.833" rt=0.004 ut=- [for 127.0.0.1 via - from 127.0.0.1]
- - - [07/Nov/2017:05:00:12 -0600] "GET / HTTP/1.1" 200 162 "-" "libwww-perl/5.833" rt=0.004 ut=- [for 127.0.0.1 via - from 127.0.0.1]

In access log you can see someone trying to attack your host and exploit your web server security. You can see that libwww-perl/5.833 as User-Agent name.

You can avoid these type of attack using below two method:

  • 1. Blocking libwww-perl on your web server
  • 2. Running your web server in chrooted jail environment.

In this tutorial I am going to block libwww-perl on web server.

Block libwww-perl under Nginx web server

To block libwww-perl under Nginx you need to access your web-server and edit nginx.conf file:

# vim /etc/nginx/nginx.conf

Inside of the HTTP{} section, add this:

if ($http_user_agent ~* (libwww-perl) ) {
return 403;
}

Save and close the file.

You can also block multiple user agent like below:

if ($http_user_agent ~* (Windows 95|Windows 98|wget|curl|libwww-perl) ) {
return 403;
}

Verify that User-Agent libwww-perl is blocked

To verify that user-agent libwww-perl is blocked or not use my previous article.

Thank you! for visiting LookLinux.

If you find this tutorial helpful please share with your friends to keep it alive. For more helpful topic browse my website www.looklinux.com. To become an author at LookLinux Submit Article. Stay connected to Facebook.

About the author

mm

Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool article for you. If you have any query and suggestion please comment in comment section.

2 Comments

  • HI Santosh , I am using above conf block for protecting server from Perl scripts attacks.But how can i check is this working or not?

    • Hi Anil, First of all thanks for visiting looklinux.

      To verify that user-agent libwww-perl is blocked or not just create a perl script called ” test_libwww.pl ”add add the below content in it. For example:

      # vim test_libwww.pl

      #!/usr/bin/perl

      # Simple LWP browser for testing

      use LWP::UserAgent;

      $ua = LWP::UserAgent->new;

      $ua->agent(“$0/0.1 ” . $ua->agent);

      # $ua->agent(“Mozilla/8.0”) # pretend we are very capable browser

      $req = HTTP::Request->new(GET => ‘http://your-example.com/’);

      $req->header(‘Accept’ => ‘text/html’);

      # send request

      $res = $ua->request($req);

      # check the outcome

      if ($res->is_success) {

      print $res->content;

      } else {

      print “Error: ” . $res->status_line . “\n”;

      }
      #######

      Please replace your domain name with your domain name and save file. Now make this script executable typing below command:

      # chmod +x test_libwww.pl

      Now execute the script:

      # ./test_libwww.pl

      You will get some output like below:

      #####################
      Error: 403 Forbidden
      #####################

      If you get above output means your sever is safe from libwww-perl attack.

      Thanks.

Leave a Reply to Santosh Prasad X