httpd-users mailing list archives

From Corp <ec...@corp.electracide.net>
Subject Re: [users@httpd] how to block hackers ?
Date Tue, 21 Jan 2003 23:21:56 GMT
Why bother with some cron job? There are tools already for this. Use
snort, and you can use it to do the blocking automatically (especially if
you are receiving a lot of Windows-based worms (Nimda and
such) - rules are already in place). www.snort.org.

On Tue, 21 Jan 2003, R'twick Niceorgaw wrote:

> I have put up some portion of the access and error log on my dev site. Take
> a look at them to see what this guy was trying to pull. You can find them
> here http://www.ezorissa.com/hack/error.txt
> http://www.ezorissa.com/hack/access.txt I didn't attach them thinking
> attachments might be blocked by the list server.
> 
> I'm not sure what I'm trying to do.... but something I have in mind for the
> cron job is
> - if someone is trying to access non-existent files in cgi-bin (or for that
> matter from anywhere) repeatedly then block him
> - if someone is trying to access anything outside web root (by using ../
> method) block them even though Apache never serves these requests.
> 
> I have mod_perl installed but I'm not that familiar with Perl that much ..
> written a few small scripts so far for my learning.
> If you can give me something that can help or even some hints it will be of
> great value to me.
> 
> Thanks for your help
> -R'twick
> 
> 
> ----- Original Message -----
> From: "Gareth Kirwan" <gbjk@thermeoneurope.com>
> To: <public@utkalika.net>; <users@httpd.apache.org>
> Sent: Tuesday, January 21, 2003 5:10 PM
> Subject: RE: [users@httpd] how to block hackers ?
> 
> 
> > That's entirely possible ( I'd suggest perl to do so, if you wanted ).
> > What evidence do you have of hackers attempting to abuse your server?
> > The only evidence we ever have of anything untoward is the Windows
> > exploitive worms, and we have a fair bit of traffic.
> >
> > btw - should have clicked that you were on Linux when you mentioned
> > /etc/passwd
> >
> > If you give me an example of what it is you're afraid of I might be able
> > to give you an adaptive PerlHandler or PerlPostRequestRead handler that
> > would help you.
> > This assumes you're a mod_perl user.
> > If you're not - then I'll probably advocate it as a way of life to you
> > anyway ;-)
> >
> >
> > > I'm using Red Hat 7.3. Maybe I'll just set up a cron job for
> > > now which will look through the error_log/access_log and set up
> > > an ipchains rule for the hackers every half an hr or so. Will
> > > that help?
> >
> >
> >
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


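The two log checks proposed in the quoted cron-job idea (repeated requests for non-existent files under cgi-bin, and any request using ../), as an added example that is not from any message in this thread. It assumes Apache's Common Log Format; the function names, the threshold of 3 and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')

def has_traversal(path):
    """True if the request contains a '..' segment after repeated URL-decoding."""
    for _ in range(3):  # bounded; also catches double-encoded forms (%255c, %252e)
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Split on path and query separators so '..' in a parameter value counts too.
    return '..' in re.split(r'[/\\?=&]', path)

def block_candidates(lines, threshold=3):
    """Return {ip: reason} for clients matching either heuristic."""
    misses = Counter()
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, path, status = m.groups()
        if has_traversal(path):
            flagged[ip] = 'traversal'  # one attempt is enough
        elif status == '404' and unquote(path).startswith('/cgi-bin/'):
            misses[ip] += 1
            if misses[ip] >= threshold:
                flagged.setdefault(ip, 'cgi-bin probing')
    return flagged

# Constructed sample lines (documentation address ranges), not real log data.
TS = '[21/Jan/2003:10:00:00 +0000]'
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /index.html HTTP/1.0" 200 1043',
    f'192.0.2.10 - - {TS} "GET /cgi-bin/missing.cgi HTTP/1.0" 404 285',
    f'198.51.100.7 - - {TS} "GET /cgi-bin/a.pl HTTP/1.0" 404 285',
    f'198.51.100.7 - - {TS} "GET /cgi-bin/b.pl HTTP/1.0" 404 285',
    f'198.51.100.7 - - {TS} "GET /cgi-bin/c.cgi HTTP/1.0" 404 285',
    f'203.0.113.5 - - {TS} "GET /scripts/..%255c../winnt/x.exe?/c+dir HTTP/1.0" 404 290',
]

if __name__ == '__main__':
    for ip, reason in block_candidates(SAMPLE).items():
        print(ip, reason)
```

The returned addresses are what a periodic job would hand to the firewall; a client with a single stray 404 stays below the threshold and is not listed.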

