Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] Entriy in apache log
  • From: Bob B <n1uan@xxxxxxxxxxxxxxx>
  • Date: Fri, 21 Dec 2001 06:00:50 -0500 (EST)
  • Message-id: <Pine.LNX.4.33.0112210559560.8298-100000@xxxxxxxxxxxxxx>
OK, let me ask this first: can I just have ipchains on the box without
changing any routing etc. that is set now, as I wouldn't want to make a
major overhaul!


On Fri, 21 Dec 2001, Rogier Maas wrote:

> Well, if you have ipchains, the script can use it. There's no harm in
> trying!
>
> If you need any help setting it up (which is fairly easy) or anything else,
> just mail me; I'd be happy to help out where I can.
>
> Rogier
> ----- Original Message -----
> From: "Bob B" <n1uan@xxxxxxxxxxxxxxx>
> To: "Rogier Maas" <icarus@xxxxxxxxxx>
> Cc: <suse-security@xxxxxxxx>; <abaesche@xxxxxxxxxx>
> Sent: Friday, December 21, 2001 11:54
> Subject: Re: [suse-security] Entriy in apache log
>
>
> > OK, thanks for the info. I guess then right now I can't use the script as I
> > have no idea about ipchains and how or what I would need to do!
> > Thanks
> > BOB
> >
> >
> > On Fri, 21 Dec 2001, Rogier Maas wrote:
> >
> > > The script blocks the hosts by adding them to the ipchains IP filter. You'll
> > > have to have it in order for it to work. ;-)
> > >
> > > When a host is blocked, it cannot surf to your box using port 80 anymore. So
> > > no more entries or hacking can be done on that port on your box.
> > >
> > > Rogier
> > >
> > > ----- Original Message -----
> > > From: "Bob B" <n1uan@xxxxxxxxxxxxxxx>
> > > To: "Rogier Maas" <icarus@xxxxxxxxxx>
> > > Cc: <suse-security@xxxxxxxx>; <abaesche@xxxxxxxxxx>
> > > Sent: Friday, December 21, 2001 11:44
> > > Subject: Re: [suse-security] Entriy in apache log
> > >
> > >
> > > > Do you have to have ipchains running or will this work without it!
> > > >
> > > >
> > > > On Fri, 21 Dec 2001, Rogier Maas wrote:
> > > >
> > > > > Yes; Code Red.. I wrote myself a little script to block all those hosts
> > > > > trying certain URLs. It's on http://antinimda.hafnet.com for download. It
> > > > > also shows the amount of hosts blocked. It's amazing how many blocks I have
> > > > > already...
> > > > >
> > > > > ----- Original Message -----
> > > > > From: <abaesche@xxxxxxxxxx>
> > > > > To: <suse-security@xxxxxxxx>
> > > > > Sent: Friday, December 21, 2001 10:14
> > > > > Subject: [suse-security] Entriy in apache log
> > > > >
> > > > >
> > > > > > Hi all,
> > > > > >
> > > > > > > I have these entries in my Apache log. Anyone have an idea
> > > > > > > what this is?
> > > > > >
> > > > > > 203.236.245.154 - - [18/Dec/2001:21:23:54 +0100]
> > > > > >
> > > > >
> > >
> "GET/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> > > > >
> > >
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> > > > >
> > >
> NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> > > > >
> > >
> NNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
> > > > >
> > >
> bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > > > > >
> > > > > > HTTP/1.0" 404 205
> > > > > >
> > > > > > Thanks
> > > > > >
> > > > > > Armin
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > > > > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > > > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > >
> > >
> >
> >
>
>
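
The approach described in the thread (find the hosts requesting `/default.ida` in the Apache log and deny them port 80 with ipchains), as an added example that is not Rogier's script and not part of the original messages. The function names, the allowlist parameter, the exact rule form and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+')
# Request shape from the thread; \s* also accepts the archive's "GET/default.ida".
PROBE = re.compile(r'^GET\s*/default\.ida\?', re.IGNORECASE)

# Constructed sample lines (padding shortened); 192.0.2.0/24 is documentation space.
SAMPLE = [
    '203.236.245.154 - - [18/Dec/2001:21:23:54 +0100] "GET /default.ida?NNNN%u9090 HTTP/1.0" 404 205',
    '192.0.2.10 - - [18/Dec/2001:21:24:01 +0100] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [18/Dec/2001:21:25:12 +0100] "GET /default.ida?NNNN%u9090 HTTP/1.0" 404 205',
    '203.236.245.154 - - [18/Dec/2001:22:02:40 +0100] "GET /default.ida?NNNN%u9090 HTTP/1.0" 404 205',
    'proxy.example.net - - [18/Dec/2001:22:03:00 +0100] "GET /default.ida?NNNN HTTP/1.0" 404 205',
]

def probing_hosts(lines, allowlist=()):
    """Return the unique IPv4 sources that requested /default.ida, sorted."""
    keep = {ipaddress.ip_address(a) for a in allowlist}
    hosts = set()
    for line in lines:
        m = CLF.match(line)
        if not m or not PROBE.match(m.group(2)):
            continue
        try:
            # Log fields are untrusted input: only a literal IP address may
            # end up in a firewall rule (hostnames and junk are skipped).
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if ip.version == 4 and ip not in keep:
            hosts.add(ip)
    return [str(h) for h in sorted(hosts)]

def ipchains_rules(hosts):
    """Build one argv list per host (no shell) denying it TCP port 80."""
    return [["ipchains", "-A", "input", "-p", "tcp", "-s", h,
             "-d", "0/0", "80", "-j", "DENY"] for h in hosts]

if __name__ == "__main__":
    # Print the rules for review instead of applying them.
    for argv in ipchains_rules(probing_hosts(SAMPLE, allowlist=["192.0.2.77"])):
        print(" ".join(argv))
```

Rules appended this way only touch the `input` chain for the listed sources on port 80; existing routing and other rules are left as they are.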

