Hi All, Last days I often see below messages in Apache log files: 1.1.1.1 - - [09/Jul/2003:17:32:00+0200] "POST http://11.1.106.18:25/ HTTP/1.1" 200 475 "-" "-" I suspect some kind of HTML protocol attack and want to stop this. Can I do it somehow with IP-Tables as it is already installed on the server or do you have any other ideas? I use SuSE 8.1 and SuSEfirewall2 with SuSEfirewall2-custom rules. Thanks for your replies. Muammer
Well they seem to be posting to port 25. If your not using port 25 for anything specific then just block the port. Other wise you can enable the string option in Iptables to search for a specific text then drop it.
Hi All,
Last days I often see below messages in Apache log files: 1.1.1.1 - - [09/Jul/2003:17:32:00+0200] "POST http://11.1.106.18:25/ HTTP/1.1" 200 475 > "-" "-"
I suspect some kind of HTML protocol attack and want to stop this. Can I do it somehow with IP-Tables as it is already installed on the server or do you have any other ideas? I use SuSE 8.1 and SuSEfirewall2 with SuSEfirewall2-custom rules.
Thanks for your replies.
Muammer
Did a quick search on the netfilter site and this is what I found regarding the match string module
Last days I often see below messages in Apache log files: 1.1.1.1 - - [09/Jul/2003:17:32:00+0200] "POST http://11.1.106.18:25/ HTTP/1.1" 200 475 > "-" "-"
3.18 string patch
This patch by Emmanuel Roger
participants (2)
-
Muammer Arslan
-
studio3arc.com Admin