How to prevent Directory Buster/Enumerator (DirB) attacks?

  apache, php, security, ubuntu

I have an Apache server (Apache/2.4.29 – Ubuntu: 18.04.3 LTS [Bionic Beaver]). I have recently noticed that the website hosted on it is vulnerable to Directory Buster attacks. This means the attacker can read the entire structure of the website and the PHP code of the website (not sure about this).

I have searched the web and felt that Apache 2.4.29 cannot inherently stop Directory Buster attacks. I have found one solution, though, which suggests adding the REWRITE rule in the .htaccess file. It seems okay only when the attacker isn’t changing the headers in the attack tool (Directory Buster, for instance); if he changes the headers, he can simply read the website’s structure.

How can I completely stop the Directory Buster attacks? (without buying an expensive IDS – if possible)

Here is what I have gathered from the web so far as the "Possible Solution" for this scenario, which suggested including the code below in the .htaccess file in the root directory of the website:

# Apply the rules only when mod_rewrite is loaded
<IfModule mod_rewrite.c>
RewriteEngine On
# Match the default User-Agent strings of common scanners.
# These conditions only test headers that the client supplies.
RewriteCond %{HTTP_USER_AGENT} ^w3af\.sourceforge\.net [NC,OR]
RewriteCond %{HTTP_USER_AGENT} dirbuster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nikto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SF [OR]
RewriteCond %{HTTP_USER_AGENT} sqlmap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} fimap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} nessus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} whatweb [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Openvas [NC,OR]
RewriteCond %{HTTP_USER_AGENT} jbrofuzz [NC,OR]
RewriteCond %{HTTP_USER_AGENT} libwhisker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} webshag [NC,OR]
# Acunetix identifies itself with its own request header
RewriteCond %{HTTP:Acunetix-Product} ^WVS
# Redirect any matching request to the client's own loopback address
RewriteRule ^.* http://127.0.0.1/ [R=301,L]
</IfModule>

Source: Ask PHP
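
The rules in the question test only headers that the client chooses, so a check that still works after the headers are changed has to look at request behaviour instead. The following is an added example, not part of the original post: it scans Apache access-log lines and flags clients that request many distinct non-existent paths within a short window, ignoring the User-Agent entirely. It assumes the "combined" log format; the function names, threshold, window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Apache "combined" format:
# host ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def find_enumerators(lines, max_404=20, window_s=60):
    """Return {ip: peak count} for clients that hit more than max_404
    distinct not-found paths inside a sliding window of window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)      # ip -> (timestamp, path) of recent 404s
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue                 # unparsable line or not a miss
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        q = recent[m["ip"]]
        q.append((ts, m["path"]))
        while ts - q[0][0] > window:  # drop misses older than the window
            q.popleft()
        distinct = len({path for _, path in q})
        if distinct > max_404:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), distinct)
    return flagged

def sample_log():
    """Constructed sample: one client guessing 30 paths in 30 seconds with a
    browser-like User-Agent, and one ordinary visitor with a single 404."""
    ua = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
    fmt = ('{ip} - - [10/Oct/2023:13:55:{s:02d} +0000] '
           '"GET {path} HTTP/1.1" {st} 512 "-" "{ua}"')
    lines = [fmt.format(ip="203.0.113.7", s=i, path=f"/guess{i}/", st=404, ua=ua)
             for i in range(30)]
    lines.append(fmt.format(ip="198.51.100.4", s=5, path="/index.php", st=200, ua=ua))
    lines.append(fmt.format(ip="198.51.100.4", s=9, path="/favicon.ico", st=404, ua=ua))
    return lines

if __name__ == "__main__":
    for ip, peak in find_enumerators(sample_log()).items():
        print(f"{ip}: {peak} distinct 404 paths within 60s")
```

A client that paces its requests below the threshold is not flagged, so the window and limit need tuning against the site's normal 404 rate.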
