httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "S. M. Halloran" <Mitchell.Hallo...@ankara.edu.tr>
Subject [users@httpd] Automatic Deny List Updating for IP from Threat-Identified Hosts
Date Thu, 15 Dec 2005 11:58:05 GMT

Apache 2.0.53 running on WinXP Pro

Neophyte question:

Is there a way to automatically update the list of IPs that are denied service 
(even http responses...just drop the request) when they are making clear 
attempts either to deny service or even take control of the system?  Some people 
trying to gain access to my documents legitimately with a university network get 
a "failure to establish a connection" on the broswer and even I get that from 
the host running the server.



The error log is below for today (when I put Apache actively taking on port 80 
service).  The access log show entries from these hosts where they get the root 
document index obviously to see a working server, then they issue a SEARCH http 
request with a hugely long string....trying to exploit buffer overruns??


[Thu Dec 15 08:33:37 2005] [error] [client 80.251.42.208] request failed: URI 
too long (longer than 8190)
[Thu Dec 15 08:43:52 2005] [error] [client 80.251.42.205] request failed: URI 
too long (longer than 8190)
[Thu Dec 15 08:43:52 2005] [info] (OS 10054)An existing connection was forcibly 
closed by the remote host.  : core_output_filter: writing data to the network
[Thu Dec 15 08:44:21 2005] [error] [client 80.251.42.205] request failed: URI 
too long (longer than 8190)
[Thu Dec 15 08:49:08 2005] [error] [client 80.251.42.210] request failed: URI 
too long (longer than 8190)
[Thu Dec 15 08:49:09 2005] [info] (OS 10054)An existing connection was forcibly 
closed by the remote host.  : core_output_filter: writing data to the network
[Thu Dec 15 08:55:09 2005] [error] [client 80.251.42.239] request failed: URI 
too long (longer than 8190)
[Thu Dec 15 08:55:09 2005] [info] (OS 10054)An existing connection was forcibly 
closed by the remote host.  : core_output_filter: writing data to the network
[Thu Dec 15 08:55:14 2005] [error] [client 80.251.42.230] request failed: URI 
too long (longer than 8190)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message