OK, let me ask this first: can I just have ipchains on the box without changing any routing etc. that is set now, as I wouldn't want to make a major overhaul!

On Fri, 21 Dec 2001, Rogier Maas wrote:
Well, if you have ipchains, the script can use it. There's no harm in trying!
If you need any help setting it up (which is fairly easy) or anything else, just mail me; I'd be happy to help out where I can.
Rogier

----- Original Message -----
From: "Bob B"
To: "Rogier Maas"
Cc: ;
Sent: Friday, December 21, 2001 11:54
Subject: Re: [suse-security] Entriy in apache log

OK, thanks for the info. I guess then right now I can't use the script, as I have no idea about ipchains and how or what I would need to do! Thanks, BOB
On Fri, 21 Dec 2001, Rogier Maas wrote:
The script blocks the hosts by adding them to the ipchains IP filter. You'll have to have it in order for it to work. ;-)
When a host is blocked, it cannot surf to your box using port 80 anymore. So no more entries or hacking can be done on that port on your box.
Rogier
----- Original Message -----
From: "Bob B"
To: "Rogier Maas"
Cc: ;
Sent: Friday, December 21, 2001 11:44
Subject: Re: [suse-security] Entriy in apache log

Do you have to have ipchains running or will this work without it!
On Fri, 21 Dec 2001, Rogier Maas wrote:
Yes; Code Red.. I wrote myself a little script to block all those hosts trying certain URLs. It's on http://antinimda.hafnet.com for download. It also shows the amount of hosts blocked. It's amazing how many blocks I have already...
----- Original Message -----
From:
To:
Sent: Friday, December 21, 2001 10:14
Subject: [suse-security] Entriy in apache log

Hi all,
I have these entries in my Apache log. Anyone an idea what this is?
203.236.245.154 - - [18/Dec/2001:21:23:54 +0100]
"GET/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 205
Thanks
Armin
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
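An added example, not part of the thread and not the script from antinimda.hafnet.com: one way to pick out hosts sending the default.ida request shown in the log above and print one ipchains rule per host for port 80. The log lines are constructed (only the first address is the one quoted in the thread), and the function names and the rule form are assumptions.

```python
import ipaddress
import re

# Common Log Format prefix: client, ident, user, [timestamp], "request"
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)"')
# Probe shape from the log entry in the thread: /default.ida? followed by a
# long run of one filler character and %uXXXX-encoded words.
PROBE = re.compile(r'/default\.ida\?(.)\1{50,}.*%u[0-9a-fA-F]{4}', re.I)

def probing_hosts(lines):
    """Return client addresses, in first-seen order, that sent the probe."""
    seen = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        host, request = m.groups()
        try:
            # Only literal IPv4 addresses go into a firewall command;
            # anything else in the client field is ignored.
            ipaddress.IPv4Address(host)
        except ValueError:
            continue
        if PROBE.search(request) and host not in seen:
            seen.append(host)
    return seen

def ipchains_rules(hosts, port=80):
    """Build one DENY rule per host (assumed rule form, input chain)."""
    return [f"ipchains -A input -p tcp -s {h} -d 0/0 {port} -j DENY"
            for h in hosts]

# Constructed sample log; the payload is shortened to the recognisable parts.
_PAYLOAD = "GET /default.ida?" + "N" * 224 + "%u9090%u6858%ucbd3%u7801 HTTP/1.0"
SAMPLE_LOG = [
    f'203.236.245.154 - - [18/Dec/2001:21:23:54 +0100] "{_PAYLOAD}" 404 205',
    '192.0.2.10 - - [18/Dec/2001:21:24:01 +0100] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.11 - - [18/Dec/2001:21:24:09 +0100] "GET /default.ida?id=5 HTTP/1.0" 404 205',
    f'203.236.245.154 - - [18/Dec/2001:21:25:30 +0100] "{_PAYLOAD}" 404 205',
    f'host.example.net - - [18/Dec/2001:21:26:00 +0100] "{_PAYLOAD}" 404 205',
    f'192.0.2.77 - - [18/Dec/2001:21:27:12 +0100] "{_PAYLOAD}" 404 205',
]

if __name__ == "__main__":
    # Print the rules for review instead of executing them.
    for rule in ipchains_rules(probing_hosts(SAMPLE_LOG)):
        print(rule)
```

The rules are printed rather than run, so they can be checked before anything is added to the filter.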