Mailinglist Archive: opensuse-security (465 mails)

< Previous Next >
Re: [suse-security] Entriy in apache log
Well, if you have ipchains, the script can use it. There's no harm in
trying!

If you need any help setting it up (which is fairly easy) or anything else,
just mail me; I'd be happy to help out where I can.

Rogier
----- Original Message -----
From: "Bob B" <n1uan@xxxxxxxxxxxxxxx>
To: "Rogier Maas" <icarus@xxxxxxxxxx>
Cc: <suse-security@xxxxxxxx>; <abaesche@xxxxxxxxxx>
Sent: Friday, December 21, 2001 11:54
Subject: Re: [suse-security] Entriy in apache log


> ok thanks for the info i guess then right now i cant use the script as i
> have no idea about ipchains and how or what i would need to do!
> thanks
> BOB
>
>
> On Fri, 21 Dec 2001, Rogier Maas wrote:
>
> > The script blocks the hosts by adding them to the ipchains IP filter.
You'll
> > have to have it in order for it to work. ;-)
> >
> > When a host is blocked, it cannot surf to your box using port 80
anymore. So
> > no more entries or hacking can be done on that port on your box.
> >
> > Rogier
> >
> > ----- Original Message -----
> > From: "Bob B" <n1uan@xxxxxxxxxxxxxxx>
> > To: "Rogier Maas" <icarus@xxxxxxxxxx>
> > Cc: <suse-security@xxxxxxxx>; <abaesche@xxxxxxxxxx>
> > Sent: Friday, December 21, 2001 11:44
> > Subject: Re: [suse-security] Entriy in apache log
> >
> >
> > > do you have to have ipchains running or will this work without it!
> > >
> > >
> > > On Fri, 21 Dec 2001, Rogier Maas wrote:
> > >
> > > > Yes; Code red.. I wrote myself a little script to block all those
hosts
> > > > trying certain url's. It's on http://antinimda.hafnet.com for
download.
> > It
> > > > also shows the amount of hosts blocked. It's amazing how many blocks
I
> > have
> > > > already...
> > > >
> > > > ----- Original Message -----
> > > > From: <abaesche@xxxxxxxxxx>
> > > > To: <suse-security@xxxxxxxx>
> > > > Sent: Friday, December 21, 2001 10:14
> > > > Subject: [suse-security] Entriy in apache log
> > > >
> > > >
> > > > > Hi all,
> > > > >
> > > > > I have this entries in my apache log. Anyone an idear
> > > > > what this is?
> > > > >
> > > > > 203.236.245.154 - - [18/Dec/2001:21:23:54 +0100]
> > > > >
> > > >
> >
"GET/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> > > >
> >
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> > > >
> >
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
> > > >
> >
NNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc
> > > >
> >
bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
> > > > >
> > > > > HTTP/1.0" 404 205
> > > > >
> > > > > Thanks
> > > > >
> > > > > Armin
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > > > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > > >
> > > >
> > >
> > >
> >
> >
> > --
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
> >
> >
>
>


< Previous Next >
Follow Ups
References