From: "Mike Arrison"
Subject: RE: how to block ip's?
Date: Thu, 7 Feb 2002 07:47:50 -0500

Martin,

You're already sending them a big ol' 404. What do you want to send them? A forbidden? I don't really think it makes a difference.

As for not getting the error messages in the access log, I suggest doing that post processing. Something like:

    grep -v "root\.exe" access_log | grep -v "cmd\.exe"

-Mike Arrison

-----Original Message-----
From: Martin Lindhe [mailto:martin@humany.com]
Sent: Thursday, February 07, 2002 7:39 AM
To: 'users@httpd.apache.org'
Subject: how to block ip's?

hello!
my error.log is daily filled with the iis-exploit crap like:

--
[Thu Feb 07 12:50:53 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/scripts/root.exe
[Thu Feb 07 12:50:54 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/msadc/root.exe
[Thu Feb 07 12:50:56 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/c/winnt/system32/cmd.exe
[Thu Feb 07 12:50:57 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/d/winnt/system32/cmd.exe
--

etc..

and i tried to investigate if i could set up some kind of rule with apache that permanently denies all requests from client IP if it ever requests a url containing either root.exe or cmd.exe (which all these iis/codered/whatever-it-is-crap seems to contain)

so quick question - is it possible?

and little longer question - may anyone please be willing to help me out with setting this up, or point me in the right direction?

running apache 1.3.23 on windows xp

/Martin

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
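
Added example, not part of the original thread or of Apache itself: a post-processing script in the spirit of the grep suggestion above, reading error_log lines in the format quoted in the question, counting root.exe/cmd.exe probes per client, and rendering mod_access `Deny from` lines for them. The function names, the `min_hits` threshold and the fifth sample line (192.0.2.10) are assumptions made for illustration.

```python
import re
from collections import Counter

# Apache 1.3 error_log line shape, as quoted in the thread.
ERROR_LINE = re.compile(
    r"^\[[^\]]+\] \[error\] \[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\] "
    r"File does not exist: (?P<path>.+)$"
)
# Signature named in the thread: the requested file is root.exe or cmd.exe.
PROBE = re.compile(r"(?:^|[/\\])(?:root|cmd)\.exe$", re.IGNORECASE)

# Four lines from the post plus one constructed ordinary 404 (192.0.2.10).
SAMPLE_LOG = """\
[Thu Feb 07 12:50:53 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/scripts/root.exe
[Thu Feb 07 12:50:54 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/msadc/root.exe
[Thu Feb 07 12:50:56 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/c/winnt/system32/cmd.exe
[Thu Feb 07 12:50:57 2002] [error] [client 195.159.135.94] File does not exist: c:/webroot/d/winnt/system32/cmd.exe
[Thu Feb 07 12:51:10 2002] [error] [client 192.0.2.10] File does not exist: c:/webroot/favicon.ico
"""

def probe_ip(line):
    """Return the client IP if the line is a root.exe/cmd.exe probe, else None."""
    m = ERROR_LINE.match(line.strip())
    if m and PROBE.search(m.group("path").strip()):
        return m.group("ip")
    return None

def probing_clients(log_text):
    """Count probe lines per client IP."""
    return Counter(ip for ip in map(probe_ip, log_text.splitlines()) if ip)

def strip_probe_lines(log_text):
    """Same effect as the grep -v pipeline: keep only non-probe lines."""
    return [ln for ln in log_text.splitlines() if probe_ip(ln) is None]

def deny_block(hits, min_hits=1):
    """Render mod_access directives for clients with at least min_hits probes."""
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += ["Deny from " + ip for ip, n in sorted(hits.items()) if n >= min_hits]
    return "\n".join(lines)

if __name__ == "__main__":
    print(deny_block(probing_clients(SAMPLE_LOG)))
    print("\n".join(strip_probe_lines(SAMPLE_LOG)))
```

The rendered directives belong in a `<Directory>` section or `.htaccess` file, where mod_access answers the listed addresses with 403 Forbidden. The list reflects only the log it was generated from, so it has to be regenerated as new probes arrive.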