klsphotos
asked on
How to stop the Jorgee bot?
Hi Experts,
I am having a enormous amount of intrusion attempts on our cloud web and sql servers. It's a different IP address all the time. I am currently researching this further but not having much luck on how to close up the vunerability or stop it.
Any ideas how I can stop this? My mailbox is flooded with these notifications and it's increasing.
We use Symantec Endpoint Security, A firewall, and the windows firewall
Thank you,
Karen
I am having a enormous amount of intrusion attempts on our cloud web and sql servers. It's a different IP address all the time. I am currently researching this further but not having much luck on how to close up the vunerability or stop it.
Any ideas how I can stop this? My mailbox is flooded with these notifications and it's increasing.
We use Symantec Endpoint Security, A firewall, and the windows firewall
Thank you,
Karen
Are your cloud servers behind a firewall? If so, then you can try potentially setting up a rule in that space. Ideally, you could look for patterns as spelled out in the article (where Jorgee is spelled out in a string): https://blog.paranoidpengu in.net/201 7/04/jorge e-goes-on- a-rampage/
ASKER
Yes but the extent of our firewall is permit or deny and what port, I'm not sure how to do what is in that link in what we have or if we even can?
If you using your cloud from company only or from few other places, you can allow traffic only from those IP's
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thank you so much btan but question, we have a IIS server and I do not see the htaccess file that is in that article? Is there a way to add this code to IIS for all of our sites?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.