httpd-users mailing list archives

From "Mike Arrison" <arri...@gnostech.com>
Subject RE: how to block ip's?
Date Thu, 07 Feb 2002 12:47:50 GMT
Martin,
	You're already sending them a big ol' 404.  What do you want to send them?
A forbidden?  I don't really think it makes a difference.
	As for not getting the error messages in the access log, I suggest doing
that post processing.  Something like:

grep -v "root\.exe" access_log | grep -v "cmd\.exe"

     -Mike Arrison


-----Original Message-----
From: Martin Lindhe [mailto:martin@humany.com]
Sent: Thursday, February 07, 2002 7:39 AM
To: 'users@httpd.apache.org'
Subject: how to block ip's?


hello! my error.log is daily filled with the iis-exploit crap like:
--
[Thu Feb 07 12:50:53 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/scripts/root.exe
[Thu Feb 07 12:50:54 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/msadc/root.exe
[Thu Feb 07 12:50:56 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/c/winnt/system32/cmd.exe
[Thu Feb 07 12:50:57 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/d/winnt/system32/cmd.exe
--
etc..  and i tried to investigate if i could set up some kind of rule with
apache that permanently denies all requests from client IP if it ever
requests a url containing either root.exe or cmd.exe (which all these
iis/codered/whatever-it-is-crap seems to contain)

so quick question - is it possible?
and little longer question - may anyone please be willing to help me out
with setting this up, or point me in the right direction?
running apache 1.3.23 on windows xp

/Martin

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
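
The post-processing suggested in the reply, as an added example that is not part of the original thread: it filters an Apache error log in the format quoted in the question with a single pattern, and goes one step further by counting probe lines per client IP. The function names, the case-insensitive match and the 192.0.2.x sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): one-pass version of the
# `grep -v` post-processing, plus a per-client summary of probe lines.

# Matches the two file names named in the thread. Case-insensitive
# matching (-i below) is an assumption, not something the thread states.
PROBE_RE='(root|cmd)\.exe'

# Constructed sample input: two lines from the quoted log (unwrapped)
# and three made-up lines using documentation addresses (192.0.2.0/24).
sample_log() {
cat <<'EOF'
[Thu Feb 07 12:50:53 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/scripts/root.exe
[Thu Feb 07 12:50:56 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/c/winnt/system32/cmd.exe
[Thu Feb 07 12:51:10 2002] [error] [client 192.0.2.10] File does not exist: c:/webroot/favicon.ico
[Thu Feb 07 12:52:02 2002] [error] [client 192.0.2.77] File does not exist: c:/webroot/scripts/root.exe
[Thu Feb 07 12:53:40 2002] [error] [client 192.0.2.10] File does not exist: c:/webroot/old/index.html
EOF
}

# Read a log on stdin and drop the probe lines, keeping everything else.
filter_probes() {
    grep -E -i -v "$PROBE_RE"
}

# Read a log on stdin and print "<count> <ip>" for every client that
# requested one of the probe files, busiest client first.
probe_clients() {
    grep -E -i "$PROBE_RE" |
        sed -n 's/.*\[client \([0-9.]*\)\].*/\1/p' |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Stand-alone demonstration on the constructed sample.
echo "== log without probe noise =="
sample_log | filter_probes
echo "== probe lines per client =="
sample_log | probe_clients
```

To run it against a real log, replace `sample_log |` with a redirect from the log file, for example `filter_probes < error.log`.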


