ok thanks for the info i guess then right now i cant use the script as i have no idea about ipchains and how or what i would need to do! thanks BOB On Fri, 21 Dec 2001, Rogier Maas wrote:
The script blocks the hosts by adding them to the ipchains IP filter. You'll have to have it in order for it to work. ;-)
When a host is blocked, it cannot surf to your box using port 80 anymore. So no more entries or hacking can be done on that port on your box.
Rogier
----- Original Message ----- From: "Bob B" <n1uan@bridgenettn.com> To: "Rogier Maas" <icarus@hafnet.com> Cc: <suse-security@suse.com>; <abaesche@worklab.de> Sent: Friday, December 21, 2001 11:44 Subject: Re: [suse-security] Entriy in apache log
do you have to have ipchains running or will this work without it!
On Fri, 21 Dec 2001, Rogier Maas wrote:
Yes; Code red.. I wrote myself a little script to block all those hosts trying certain url's. It's on http://antinimda.hafnet.com for download. It also shows the amount of hosts blocked. It's amazing how many blocks I have already...
----- Original Message ----- From: <abaesche@worklab.de> To: <suse-security@suse.com> Sent: Friday, December 21, 2001 10:14 Subject: [suse-security] Entriy in apache log
Hi all,
I have this entries in my apache log. Anyone an idear what this is?
203.236.245.154 - - [18/Dec/2001:21:23:54 +0100]
"GET/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
HTTP/1.0" 404 205
Thanks
Armin
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com