[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] error log emergency

Subject: Re: [cobalt-users] error log emergency
From: Kris Dahl <krislists@xxxxxxxxxxxxx>
Date: Fri Sep 15 09:34:40 2000

on 9/15/00 12:12 AM, Mike Fritsch at mfritsch@xxxxxxxxxxxx wrote:

>> I recently caught a hacker trying to hack a password protected site on my
>> 3i unit.   I was able to deny him/her service vi a deny line in the
>> ..htacces file of the protected directory.   This worked fine and I can see
>> the malicious person being denied just keeps on churning hits at me even
>> though they're being denied.  If this keeps up it will rapidly make my
>> error log grow huge and possibly crash my machine (the intent?).
>
> I believe you can put his IP into the hosts.deny file.

Correct me if I am wrong but I don't think that hosts.deny will prevent web
access.  It will stop telnet, ftp, etc--essentially inetd services.

Incidentally, .htaccess should not really be considered 'security' or
blocking.  Just isn't really what it is designed for.  Also it only
'protects' you from the user accessing that part of your web server (that is
unless they  are able to circumvent the protection).

If you have a malicious user you'll want to block them at the kernel level
using IPChains or something.

The command you want to use is
ipchains -I input -s 192.168.1.1 -j DENY -l

Where 192.168.1.1 is the ip of the offending host.

-k

Follow-Ups:
- Re: [cobalt-users] error log emergency
  - From: Zeffie

References:
- Re: [cobalt-users] error log emergency
  - From: Mike Fritsch

Prev by Date: RE: [cobalt-users] RE: Rack Equipment Recommendations
Next by Date: Re: [cobalt-users] RE: Rack Equipment Recommendations
Previous by thread: Re: [cobalt-users] error log emergency
Next by thread: Re: [cobalt-users] error log emergency

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index