httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Corp <ec...@corp.electracide.net>
Subject Re: [users@httpd] how to block hackers ?
Date Tue, 21 Jan 2003 23:26:18 GMT
heh.."corn"..cron dammit! :)

On Tue, 21 Jan 2003, Corp wrote:

> Why bother with some corn job? There are tools already for this. Use
> snort, and you can use it to do the blocking automatically(especially if
> you are receivning alot of windows based worms(nimda and
> such) - rules are already in place). www.snort.org.
> 
> On Tue, 21 Jan 2003, R'twick Niceorgaw wrote:
> 
> > I have put up some portion of the access and error log on my dev site. Take
> > a look at them to see what this guy was trying to pull. You can find them
> > here http://www.ezorissa.com/hack/error.txt
> > http://www.ezorissa.com/hack/access.txt I didn't attach them thinking
> > attachments might be blocked by the list server.
> > 
> > I'm not sure what i'm trying to do.... but something I have in mind for the
> > cron job is
> > - if some one trying to access non existent files in cgi-bin ( or for that
> > matter from anywhere) repeatedly then block him
> > - if some one trying to access anything outside web root (by using ../
> > method) block them even though apache never serves these requests.
> > 
> > I have mod_perl installed but I'm not that familiar with perl that much ..
> > written few small scripts so far for my learning.
> > If you can give me something that can help or even some hints it will be of
> > great value to me.
> > 
> > Thanks for your help
> > -R'twick
> > 
> > 
> > ----- Original Message -----
> > From: "Gareth Kirwan" <gbjk@thermeoneurope.com>
> > To: <public@utkalika.net>; <users@httpd.apache.org>
> > Sent: Tuesday, January 21, 2003 5:10 PM
> > Subject: RE: [users@httpd] how to block hackers ?
> > 
> > 
> > > That's entirely possible ( I'd suggest perl to do so, if you wanted ).
> > > What evidence do you have of hackers attempting to abuse your server.
> > > The only evidence we ever have of anything untoward is the Windows
> > > exploitive worms, and we have a fair bit of traffic.
> > >
> > > btw - should have clicked that you were on Linux when you mentioned
> > > /etc/passwd
> > >
> > > If you give me an example of what it is you're afraid of I might be able
> > to
> > > give you an adaptive PerlHandler or PerlPostRequestRead handler that would
> > > help you.
> > > This assumes you're a mod_perl user.
> > > If you're not - then I'll probably advocate it as a way of life to you
> > > anyway ;-)
> > >
> > >
> > > > I'm using redhat 7.3. may be i'll just setup a cron job for
> > > > now which will
> > > > look through the error_log/access_log and setup a ipchains
> > > > rule for the
> > > > hackers every half an hr or so. will that help ?
> > >
> > >
> > >
> > 
> > 
> > 
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> > 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message