httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gareth Kirwan" <g...@thermeoneurope.com>
Subject RE: [users@httpd] how to block hackers ?
Date Tue, 21 Jan 2003 17:00:48 GMT
R'twick

It's a learning curve for us all - don't worry.
You want to have adaptive request handlers.
These normally come from having a more sophisticated web server in place
using a dynamic content server in place ( ie Mason )

I'm guessing that right now all I need to do is to tell you to not worry so
much about hackers.
Check your access and error logs daily and make sure you're not getting
anything out of the ordinary.
You probably won't be needing to block requests due to hackers very often.
Sometimes people add a return forbidden statement to requests looking for
/cmd/ but that's more just to stop their logs getting filled up with the
crap that worms generate when they're trying to check you're a windows
machine.

You're NOT running windows, are you ?

Gareth


> my server didn't allow acess to .htaccess or any files
> outside the document
> root. So, I think my setup is ok ( still learning).
> Deny from x.x.x.x requires me to manualy edit the file and
> restart apache
> and is good for just that ip. I'm sure a hacker will change
> his ip address
> next time he attacks. So, what I was looking for is some means so that
> apache will automatically block an IP if it meets certain
> criteria in the
> request string or if there's been a very high volume of
> request form one
> site in certain amount of time.
>
> R'twick
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message