httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "R'twick Niceorgaw" <pub...@utkalika.net>
Subject Re: [users@httpd] how to block hackers ?
Date Tue, 21 Jan 2003 23:05:01 GMT
I have put up some portion of the access and error log on my dev site. Take
a look at them to see what this guy was trying to pull. You can find them
here http://www.ezorissa.com/hack/error.txt
http://www.ezorissa.com/hack/access.txt I didn't attach them thinking
attachments might be blocked by the list server.

I'm not sure what i'm trying to do.... but something I have in mind for the
cron job is
- if some one trying to access non existent files in cgi-bin ( or for that
matter from anywhere) repeatedly then block him
- if some one trying to access anything outside web root (by using ../
method) block them even though apache never serves these requests.

I have mod_perl installed but I'm not that familiar with perl that much ..
written few small scripts so far for my learning.
If you can give me something that can help or even some hints it will be of
great value to me.

Thanks for your help
-R'twick


----- Original Message -----
From: "Gareth Kirwan" <gbjk@thermeoneurope.com>
To: <public@utkalika.net>; <users@httpd.apache.org>
Sent: Tuesday, January 21, 2003 5:10 PM
Subject: RE: [users@httpd] how to block hackers ?


> That's entirely possible ( I'd suggest perl to do so, if you wanted ).
> What evidence do you have of hackers attempting to abuse your server.
> The only evidence we ever have of anything untoward is the Windows
> exploitive worms, and we have a fair bit of traffic.
>
> btw - should have clicked that you were on Linux when you mentioned
> /etc/passwd
>
> If you give me an example of what it is you're afraid of I might be able
to
> give you an adaptive PerlHandler or PerlPostRequestRead handler that would
> help you.
> This assumes you're a mod_perl user.
> If you're not - then I'll probably advocate it as a way of life to you
> anyway ;-)
>
>
> > I'm using redhat 7.3. may be i'll just setup a cron job for
> > now which will
> > look through the error_log/access_log and setup a ipchains
> > rule for the
> > hackers every half an hr or so. will that help ?
>
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message