Mailinglist Archive: opensuse (3644 mails)

Re: [SLE] web log
  • From: Landy Roman <landy@xxxxxxxxxxxxxxx>
  • Date: Wed, 13 Mar 2002 07:42:32 -0500 (EST)
  • Message-id: <20020313124232.500483281CC@xxxxxxxxxxxxxxx>
On Wed, 13 Mar 2002 08:20:18 +0100
Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx> wrote:

On Wednesday 13 March 2002 00.46, James Bliss wrote:
These are the Code Red / Nimda attack signatures. You can just ignore
them since you are not at risk. I know, they really clutter up the
logs though.

I do not think there is a way to keep them out of the log; on the
security list they went around on this and I do not remember any
specific resolution which would keep them out of the log files.
(Anyone know of a way to avoid logging these entries?)

This is included in SuSE's official 2.4.16 kernel. Don't know about
2.4.10.

iptables -I INPUT -j DROP -m string -p tcp -s 0.0.0.0/0 --dport 80 --string "default.ida"

(Adjust the string to suit other virus patterns). This will drop the
attempt at the firewall level, before it ever gets to your apache.

//Anders


Any idea why the return code was 400 and not 404?
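
An after-the-fact alternative to the firewall rule quoted above, as an added example that is not part of the original thread: it filters an existing Apache access log on the request path instead of dropping packets. The `default.ida` pattern is from the thread; treating `cmd.exe` and `root.exe` as Nimda request targets, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: separate worm probes from an Apache access log (common log
# format). Matching is done on the request path only ($7, query string
# removed), so a legitimate page such as /docs/cmd.exe.html is not discarded.

# Constructed sample lines; addresses are from the documentation ranges.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [13/Mar/2002:07:01:12 -0500] "GET /default.ida?NNNNNNNN HTTP/1.0" 400 320
198.51.100.7 - - [13/Mar/2002:07:02:40 -0500] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [13/Mar/2002:07:03:05 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
203.0.113.5 - - [13/Mar/2002:07:04:19 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [13/Mar/2002:07:05:00 -0500] "GET /docs/cmd.exe.html HTTP/1.0" 200 512
EOF
}

# Print the log with probe lines removed (reads files given as arguments,
# or standard input when there are none).
strip_probes() {
  awk '{ p = $7; sub(/\?.*/, "", p) }
       tolower(p) !~ /\/(default\.ida|cmd\.exe|root\.exe)$/' "$@"
}

# Print "count source-ip" for the probe lines, busiest source first.
probe_sources() {
  awk '{ p = $7; sub(/\?.*/, "", p) }
       tolower(p) ~ /\/(default\.ida|cmd\.exe|root\.exe)$/ { n[$1]++ }
       END { for (ip in n) print n[ip], ip }' "$@" | sort -rn
}

# Demo on the constructed sample.
sample_log | probe_sources
sample_log | strip_probes
```

Both functions also accept log file names as arguments, for example `strip_probes access_log > access_log.clean`.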
