[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] How to block

Subject: [cobalt-users] How to block
From: Bob G7 <Bob_G7@xxxxxxxxxx>
Date: Mon Oct 14 08:04:01 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

I'm getting hammered by these in my /var/log/httpd/access log:

www.domain.net adsl-65-70-187-38.dsl.rcsntx.swbell.net - -
[13/Oct/2002:12:34:45 -0500] "GET /s
cripts/root.exe?/c+dir HTTP/1.0" 302 228 "-" "-"
www.domain.net adsl-65-70-187-38.dsl.rcsntx.swbell.net - -
[13/Oct/2002:12:34:45 -0500] "GET /M
SADC/root.exe?/c+dir HTTP/1.0" 302 226 "-" "-"
www.domain.net adsl-65-70-187-38.dsl.rcsntx.swbell.net - -
[13/Oct/2002:12:34:45 -0500] "GET /c
/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 236 "-" "-"
www.domain.net adsl-65-70-187-38.dsl.rcsntx.swbell.net - -
[13/Oct/2002:12:34:46 -0500] "GET /d
/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 236 "-" "-"
www.domain.net adsl-65-70-187-38.dsl.rcsntx.swbell.net - -
[13/Oct/2002:12:34:46 -0500] "GET /s
cripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 252 "-" "-"

I'm talking hundreds on entries like this. How can I block this ip address,
the log file is getting huge, there non-stop hitting the server.

I'm thinking in hosts.deny, but don't know the correct syntax to do it.

Thanks

Follow-Ups:
- Re: [cobalt-users] How to block
  - From: Denny Jodeit
- RE: [cobalt-users] How to block
  - From: Dan Kriwitsky

Prev by Date: RE: [cobalt-users] Certs Location?
Next by Date: Re: [cobalt-users] New question - Majordomo Welcome Message...
Previous by thread: Re: [cobalt-users] Certs Location?
Next by thread: Re: [cobalt-users] How to block

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index