
RE: [cobalt-users] How to block



In /etc/httpd/conf/httpd.conf there is an access line. You can block by IP address.

-jim


-----Original Message-----
From: Dan Kriwitsky [mailto:list1@xxxxxxxxxxxxxxxxxxxx]
Sent: Monday, October 14, 2002 12:28 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] How to block


> I'm getting hammered by these in my /var/log/httpd/access log:
>
> www.domain.net adsl-65-70-187-38.dsl.rcsntx.swbell.net - - [13/Oct/2002:12:34:45 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 228 "-" "-"
> www.domain.net adsl-65-70-187-38.dsl.rcsntx.swbell.net - - [13/Oct/2002:12:34:45 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 226 "-" "-"
> www.domain.net adsl-65-70-187-38.dsl.rcsntx.swbell.net - - [13/Oct/2002:12:34:45 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 236 "-" "-"
> www.domain.net adsl-65-70-187-38.dsl.rcsntx.swbell.net - - [13/Oct/2002:12:34:46 -0500] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 236 "-" "-"
> www.domain.net adsl-65-70-187-38.dsl.rcsntx.swbell.net - - [13/Oct/2002:12:34:46 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 252 "-" "-"
>
> I'm talking hundreds of entries like this. How can I block this IP
> address? The log file is getting huge, they're non-stop hitting the
> server.


There are some rewrite rules out there for this for httpd.conf so it's
server wide.
    RedirectMatch /default.ida http://127.0.0.1/
    RedirectMatch /root.exe http://127.0.0.1/
    RedirectMatch /cmd.exe http://127.0.0.1/

http://archives.neohapsis.com/archives/incidents/2001-09/0318.html

-- 
Dan Kriwitsky
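
One way to find which clients to put on that access line, as an added example that is not part of the original thread: the script counts requests for the three file names the RedirectMatch rules target and returns a `Deny from` line for each client at or above a threshold. The function names, the threshold of 3 and the two `example.*` log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Log layout seen in the thread: vhost, client, ident, user, [time], "request", status, bytes
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# The same three file names the RedirectMatch rules in the thread match on.
PROBE_RE = re.compile(r'/(?:default\.ida|root\.exe|cmd\.exe)', re.IGNORECASE)

# Constructed sample: five probe lines modelled on the thread, plus two example.* clients.
_SRC = ("www.domain.net adsl-65-70-187-38.dsl.rcsntx.swbell.net - - "
        "[13/Oct/2002:12:34:45 -0500] ")
SAMPLE_LOG = [
    _SRC + '"GET /scripts/root.exe?/c+dir HTTP/1.0" 302 228 "-" "-"',
    _SRC + '"GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 226 "-" "-"',
    _SRC + '"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 236 "-" "-"',
    _SRC + '"GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 236 "-" "-"',
    _SRC + '"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 252 "-" "-"',
    'www.domain.net client.example.org - - [13/Oct/2002:12:35:02 -0500] '
    '"GET /index.html HTTP/1.0" 200 1043 "-" "-"',
    'www.domain.net host2.example.net - - [13/Oct/2002:12:35:10 -0500] '
    '"GET /default.ida?XXXX HTTP/1.0" 302 230 "-" "-"',
]

def probing_clients(lines, threshold=3):
    """Return {client: probe_count} for clients with at least `threshold` probe requests."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and PROBE_RE.search(m.group("path")):
            hits[m.group("client")] += 1
    return {client: n for client, n in hits.items() if n >= threshold}

def deny_directives(clients):
    """Render one mod_access 'Deny from' line per client, busiest first."""
    ranked = sorted(clients.items(), key=lambda kv: (-kv[1], kv[0]))
    return ["Deny from %s" % host for host, _count in ranked]

if __name__ == "__main__":
    for directive in deny_directives(probing_clients(SAMPLE_LOG)):
        print(directive)
```

The returned lines belong inside the access block in httpd.conf after `Order allow,deny` and `Allow from all`; a hostname entry makes Apache do DNS lookups on the client address when it evaluates the rule. Denied requests are still written to the access log, with status 403.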
 
