Posted to users@httpd.apache.org by R'twick Niceorgaw <pu...@utkalika.net> on 2003/01/21 17:26:10 UTC

[users@httpd] how to block hackers ?

Hi all,
Is there any way I can specify in httpd.conf or an htaccess file to deny access
to a specific IP if certain criteria are met in the request, like if someone
tries to access /.htaccess or ../../etc/passwd?

Regards
R'twick



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


RE: [users@httpd] how to block hackers ?

Posted by Koen Vingerhoets <ko...@ubench.com>.
Hi,

for iptables:
VIEW:
iptables -L -n --line-numbers
ADD:
iptables -A INPUT -p tcp --syn -s <IP ADDRESS> --destination-port 80 -j REJECT
DELETE:
To reinstate the IP the rule must be deleted from the rules list. First,
list the rules:
iptables -L
Note which section the rule is in (it should be the first section, "INPUT"),
then figure out numerically which rule you want to delete (the first rule
being 1, and so on). Once you have that number, execute the following command
to remove the rule:
iptables -D <SECTION> <RULE NUMBER>

That's what I use on my online game to block the bad guys (yah it's a game,
we're being hacked (or at least we see the attempts) or DOS'ed more frequently
than Microsoft, I think :s). It's a Linux Mandrake if I remember well.

Kind regards,

Koen Vingerhoets

***** UBench nv *****
http://www.ubench.com



-----Original Message-----
From: Ezra [mailto:ezra@acedsl.com]
Sent: 22 January 2003 06:34
To: users@httpd.apache.org
Subject: Re: [users@httpd] how to block hackers ?


Hello R'twick:
If you're using Linux, iptables might be what you're looking for. Though
there is a steep learning curve (for me anyway).


Ezra Taylor

R'twick Niceorgaw wrote:

>Hi all,
>Is there any way I can specify in httpd.conf or an htaccess file to deny
>access to a specific IP if certain criteria are met in the request, like if
>someone tries to access /.htaccess or ../../etc/passwd?
>
>Regards
>R'twick


Re: [users@httpd] how to block hackers ?

Posted by Ezra <ez...@acedsl.com>.
Hello R'twick:
If you're using Linux, iptables might be what you're looking for. Though
there is a steep learning curve (for me anyway).


Ezra Taylor

R'twick Niceorgaw wrote:

>Hi all,
>Is there any way I can specify in httpd.conf or an htaccess file to deny
>access to a specific IP if certain criteria are met in the request, like if
>someone tries to access /.htaccess or ../../etc/passwd?
>
>Regards
>R'twick


Re: [users@httpd] how to block hackers ?

Posted by R'twick Niceorgaw <pu...@utkalika.net>.
----- Original Message -----
From: "Jeremy Tinley" <jt...@unirez.com>
To: <us...@httpd.apache.org>
Sent: Tuesday, January 21, 2003 11:37 AM
Subject: RE: [users@httpd] how to block hackers ?


DocumentRoot is chroot environment, meaning someone can't access
http://yourserver/../../etc/passwd, however, if they have access to the
filesystem, this is still an option.

To be honest, if you're not using shadows in place of the passwd file, you're
asking for trouble to begin with.

The workarounds really depend upon what kind of environment you have setup.
If there will be trusted vs. untrusted users accessing your machine, what type
of content you are serving, etc.  If you feel comfortable, provide some detail
as to what this server will be doing so that others can make more meaningful
suggestions about your environment:

Who has access to change the content?
Are you going to be allowing FTP access or will the modifications come
directly on the server?
If so, are these users trusted users, employees, or customers?

As for your other question, there is a directive for the httpd.conf file (that
usually comes turned on by default) that disallows viewing of the .htaccess
files, so yes, you can restrict certain IPs (either blocked, or allowed) to
certain actions.

-J

I do use shadow password files.

I have a Red Hat 7.3 Linux box with Apache, PHP 4.3 and mod_perl.
It's hosting 4 websites with name-based hosting. They are mostly dynamic
content pulled from databases or from a Stratus machine via sockets.
There are two more trusted users who have ssh access to it, and a few more can
use ftp. These ftp users are not that much trusted, though they work for us,
but are supposed to be non-Linux users and so are restricted to uploading to
one directory outside the web directories. Only the three users who have shell
access can put something in the doc roots after reviewing what others have
uploaded. .htaccess and anything outside the webroot are denied by Apache.
Also, open_basedir for PHP is set properly for each web site. But my company
is a bit paranoid, as there may be some leak somewhere which can compromise the
server, as someone can get into the Stratus boxes through it (which contain
highly sensitive data). So, I'm just trying to make sure no one gets access
to the server.

Regards
-R'twick





RE: [users@httpd] how to block hackers ?

Posted by Jeremy Tinley <jt...@unirez.com>.
DocumentRoot is chroot environment, meaning someone can't access
http://yourserver/../../etc/passwd, however, if they have access to the
filesystem, this is still an option.

To be honest, if you're not using shadows in place of the passwd file, you're
asking for trouble to begin with.

The workarounds really depend upon what kind of environment you have setup.
If there will be trusted vs. untrusted users accessing your machine, what type
of content you are serving, etc.  If you feel comfortable, provide some detail
as to what this server will be doing so that others can make more meaningful
suggestions about your environment:

Who has access to change the content?
Are you going to be allowing FTP access or will the modifications come
directly on the server?
If so, are these users trusted users, employees, or customers?

As for your other question, there is a directive for the httpd.conf file (that
usually comes turned on by default) that disallows viewing of the .htaccess
files, so yes, you can restrict certain IPs (either blocked, or allowed) to
certain actions.

-J

-----Original Message-----
From: R'twick Niceorgaw [mailto:public@utkalika.net] 
Sent: Tuesday, January 21, 2003 10:26 AM
To: apache user list
Subject: [users@httpd] how to block hackers ?

Hi all,
Is there any way I can specify in httpd.conf or an htaccess file to deny access
to a specific IP if certain criteria are met in the request, like if someone
tries to access /.htaccess or ../../etc/passwd?

Regards
R'twick





RE: [users@httpd] how to block hackers ?

Posted by Gareth Kirwan <gb...@thermeoneurope.com>.
Blame you - never...

It's got nothing to do with taking the piss, just hiding my motives - I'm
*actually* trying to eliminate the competition!!!
I'm half way through negotiations for a 5 year programming and support
contract for an "Apache upgrade" written in perl with him ;-)

Only joking.

he he.

> -----Original Message-----
> From: Ryan A [mailto:r@jumac.com]
> Sent: 21 January 2003 23:47
> To: users@httpd.apache.org; gbjk@thermeoneurope.com
> Subject: Re: [users@httpd] how to block hackers ?
>
>
> Hahahah
> Well said.
> The reason I wrote that was some people (sometimes me) just take the added
> security for peace of mind so that even when you know that you have done
> everything possible to block scum, you might have screwed up and the script
> adds an extra level of security and peace of mind.
> And hey, you can't blame a guy for trying can ya?
>
> Cheers,
> -Ryan.
>
> ----- Original Message -----
> From: "Gareth Kirwan" <gb...@thermeoneurope.com>
> To: <us...@httpd.apache.org>
> Sent: Wednesday, January 22, 2003 12:33 AM
> Subject: RE: [users@httpd] how to block hackers ?
>
>
> > .oO( because anyone offering to do it is missing an underlying concept of
> > why no script should be needed and therefore isn't qualified /anyway/ ;-)
> > :-p )
> >
> > Only kidding.
> >
> > Check my last mail for details on why it shouldn't be needed.
> >
> > -Gareth
> >
> > > -----Original Message-----
> > > From: Ryan A [mailto:r@jumac.com]
> > > Hi,
> > > Just one question, why don't you pay someone to program a PERL script
> > > for you using mod_perl?
> > > someone like me perhaps? ;-)
> > > Cheers,
> > > -Ryan.


Re: [users@httpd] how to block hackers ?

Posted by Ryan A <r...@jumac.com>.
Hahahah
Well said.
The reason I wrote that was some people (sometimes me) just take the added
security for peace of mind so that even when you know that you have done
everything possible to block scum, you might have screwed up and the script
adds an extra level of security and peace of mind.
And hey, you can't blame a guy for trying can ya?

Cheers,
-Ryan.

----- Original Message -----
From: "Gareth Kirwan" <gb...@thermeoneurope.com>
To: <us...@httpd.apache.org>
Sent: Wednesday, January 22, 2003 12:33 AM
Subject: RE: [users@httpd] how to block hackers ?


> .oO( because anyone offering to do it is missing an underlying concept of
> why no script should be needed and therefore isn't qualified /anyway/ ;-)
> :-p )
>
> Only kidding.
>
> Check my last mail for details on why it shouldn't be needed.
>
> -Gareth
>
> > -----Original Message-----
> > From: Ryan A [mailto:r@jumac.com]
> > Hi,
> > Just one question, why don't you pay someone to program a PERL script
> > for you using mod_perl?
> > someone like me perhaps? ;-)
> > Cheers,
> > -Ryan.


RE: [users@httpd] how to block hackers ?

Posted by Gareth Kirwan <gb...@thermeoneurope.com>.
.oO( because anyone offering to do it is missing an underlying concept of
why no script should be needed and therefore isn't qualified /anyway/ ;-)
:-p )

Only kidding.

Check my last mail for details on why it shouldn't be needed.

-Gareth

> -----Original Message-----
> From: Ryan A [mailto:r@jumac.com]
> Hi,
> Just one question, why don't you pay someone to program a PERL script
> for you using mod_perl?
> someone like me perhaps? ;-)
> Cheers,
> -Ryan.





RE: [users@httpd] how to block hackers ?

Posted by R'twick Niceorgaw <pu...@utkalika.net>.
Ryan 
Thanks for the offer. I'll keep your address in case I need anything... But
it will help me better if you can tell me your rate :) 

-R'twick
-----Original Message-----
From: Ryan A [mailto:r@jumac.com] 
Sent: Tuesday, January 21, 2003 6:26 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] how to block hackers ?


Hi,
Just one question, why don't you pay someone to program a PERL script for you
using mod_perl?
someone like me perhaps? ;-)
Cheers,
-Ryan.


----- Original Message -----
From: "R'twick Niceorgaw" <pu...@utkalika.net>
To: <gb...@thermeoneurope.com>
Cc: "apache user list" <us...@httpd.apache.org>
Sent: Wednesday, January 22, 2003 12:05 AM
Subject: Re: [users@httpd] how to block hackers ?


> I have put up some portion of the access and error log on my dev site. Take
> a look at them to see what this guy was trying to pull. You can find them
> here http://www.ezorissa.com/hack/error.txt
> http://www.ezorissa.com/hack/access.txt I didn't attach them thinking
> attachments might be blocked by the list server.
>
> I'm not sure what I'm trying to do.... but something I have in mind for the
> cron job is
> - if someone is trying to access non-existent files in cgi-bin (or for that
> matter from anywhere) repeatedly then block him
> - if someone is trying to access anything outside the web root (by using the
> ../ method) block them even though Apache never serves these requests.
>
> I have mod_perl installed but I'm not that familiar with perl .. written a
> few small scripts so far for my learning.
> If you can give me something that can help or even some hints it will be of
> great value to me.
>
> Thanks for your help
> -R'twick
>
>
> ----- Original Message -----
> From: "Gareth Kirwan" <gb...@thermeoneurope.com>
> To: <pu...@utkalika.net>; <us...@httpd.apache.org>
> Sent: Tuesday, January 21, 2003 5:10 PM
> Subject: RE: [users@httpd] how to block hackers ?
>
>
> > That's entirely possible ( I'd suggest perl to do so, if you wanted ).
> > What evidence do you have of hackers attempting to abuse your server?
> > The only evidence we ever have of anything untoward is the Windows
> > exploitive worms, and we have a fair bit of traffic.
> >
> > btw - should have clicked that you were on Linux when you mentioned
> > /etc/passwd
> >
> > If you give me an example of what it is you're afraid of I might be able to
> > give you an adaptive PerlHandler or PerlPostRequestRead handler that would
> > help you.
> > This assumes you're a mod_perl user.
> > If you're not - then I'll probably advocate it as a way of life to you
> > anyway ;-)
> >
> >
> > > I'm using redhat 7.3. Maybe I'll just set up a cron job for now which
> > > will look through the error_log/access_log and set up an ipchains rule
> > > for the hackers every half an hr or so. Will that help?


Re: [users@httpd] how to block hackers ?

Posted by Ryan A <r...@jumac.com>.
Hi,
Just one question, why don't you pay someone to program a PERL script for you
using mod_perl?
someone like me perhaps? ;-)
Cheers,
-Ryan.


----- Original Message -----
From: "R'twick Niceorgaw" <pu...@utkalika.net>
To: <gb...@thermeoneurope.com>
Cc: "apache user list" <us...@httpd.apache.org>
Sent: Wednesday, January 22, 2003 12:05 AM
Subject: Re: [users@httpd] how to block hackers ?


> I have put up some portion of the access and error log on my dev site. Take
> a look at them to see what this guy was trying to pull. You can find them
> here http://www.ezorissa.com/hack/error.txt
> http://www.ezorissa.com/hack/access.txt I didn't attach them thinking
> attachments might be blocked by the list server.
>
> I'm not sure what I'm trying to do.... but something I have in mind for the
> cron job is
> - if someone is trying to access non-existent files in cgi-bin (or for that
> matter from anywhere) repeatedly then block him
> - if someone is trying to access anything outside the web root (by using the
> ../ method) block them even though Apache never serves these requests.
>
> I have mod_perl installed but I'm not that familiar with perl .. written a
> few small scripts so far for my learning.
> If you can give me something that can help or even some hints it will be of
> great value to me.
>
> Thanks for your help
> -R'twick
>
>
> ----- Original Message -----
> From: "Gareth Kirwan" <gb...@thermeoneurope.com>
> To: <pu...@utkalika.net>; <us...@httpd.apache.org>
> Sent: Tuesday, January 21, 2003 5:10 PM
> Subject: RE: [users@httpd] how to block hackers ?
>
>
> > That's entirely possible ( I'd suggest perl to do so, if you wanted ).
> > What evidence do you have of hackers attempting to abuse your server?
> > The only evidence we ever have of anything untoward is the Windows
> > exploitive worms, and we have a fair bit of traffic.
> >
> > btw - should have clicked that you were on Linux when you mentioned
> > /etc/passwd
> >
> > If you give me an example of what it is you're afraid of I might be able to
> > give you an adaptive PerlHandler or PerlPostRequestRead handler that would
> > help you.
> > This assumes you're a mod_perl user.
> > If you're not - then I'll probably advocate it as a way of life to you
> > anyway ;-)
> >
> >
> > > I'm using redhat 7.3. Maybe I'll just set up a cron job for now which
> > > will look through the error_log/access_log and set up an ipchains rule
> > > for the hackers every half an hr or so. Will that help?


RE: [users@httpd] how to block hackers ?

Posted by R'twick Niceorgaw <pu...@utkalika.net>.
I too first thought it's someone doing it, then thought maybe he's running a
script.
I also don't feel this way he can gain much access, and maybe I can
convince my manager with all this info not to worry much. I'll watch the
server log for a few more days and if this continues then will try to do
something.

Thanks for the server-info, server-status stuff on  too . This ezorissa.com
is my personal box. I just got a dedicated box two days ago and moved from a
virtual hosting to here. So was trying to play with it and left these open.
But the attack was on my company's server where these are all blocked :)


-R'twick


-----Original Message-----
From: Gareth Kirwan [mailto:gbjk@thermeoneurope.com] 
Sent: Tuesday, January 21, 2003 6:32 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] how to block hackers ?


At first I was very confused by this.
I've certainly never noticed such a long and relentless attack on an httpd
server. When I started to look at it in more detail I realised it's not a
person - it's a worm / hydra. The speed and proximity of timings of some of
the requests rules out human attempts - but then the distance between some
of the requests makes the notion of it being automated odd - since it should
be almost instant. It IS possible it was a guy using several screens and
typing away - but I
*VERY* much doubt it.
It was trying every which way possible to gain access to private information
on your server, and when it found it didn't get a rejection it would have
reported its findings to the owner. It was, in most cases, hoping for a
directory listing which it could abuse.

I don't think you need to worry too much.

Get your httpd.conf down to minimal lines with minimal comments, and make
sure you understand them all. That way you don't have documentation you
didn't write - and you can see what you're dealing with. Use
httpd.apache.org/docs/ as a reference for the commands you don't know.

Apache comes by default with LOADS of stuff you don't need - modules you'll
never use .. bla bla Cut most of it out.

One of the surprising things about this hack is that he didn't test your
mod_info installation. If he had he would have instantly had access to a lot
of your information and been able to see your vulnerabilities. I'm not
alerting anyone dangerous to this by telling you it in a mailing list, so
don't get worried... but: I've just seen that your mod_info IS on, so is
extendedStatus AND you don't have any restrictions on it:
http://www.ezorissa.com/server-info
There a hacker could find out important information about your server and
the versions running on it... It's a one stop shop for all your weaknesses,
build info etc. For instance: it gives full information on your current
mod_ssl configuration. You should *immediately* edit your httpd.conf and
change the <location> directive for server-info and server-status to Deny
from all, and Allow from an IP address - or use require valid-user. I'm
hinging a guess you might need Vim help to ... just vi httpd.conf; then
/server-info to search for it...

That kind of thing you should be able to understand better when you do your
httpd.conf cut down. You'll find other things in there you've never touched
before, look them up and find out they're dangerous or that you don't need
them. Common stuff to cut out is PHP, and some of the apache modules loaded
/ added at the start of the configuration.

As for this attack - once you're sure that your httpd.conf is in good order
attacks like his shouldn't worry you. It *is* a pain to have your log filled
up - and if it's something that's been sustained you could try tracing the
IP address to the ISP and contacting them about the user logged on at the
time. However you shouldn't need to worry about him getting in once your
httpd.conf is in order - since relying on denying repetitive attacks based
on their repetition leaves you in a hard spot: You get a false sense of
security - and then when someone attacks you from a random IP-Address - or
spoofs it in his request header - then your system will fail and you might
become susceptible to an issue that you might have not considered before
because you were relying on your denial of requests to iterative rejections.

If you still want to write a script to do this ( and everything I've said
should point you in a different, more secure, direction ) then let me know
and I can help further.

Regards

Gareth

> -----Original Message-----
> From: R'twick Niceorgaw [mailto:public@utkalika.net]

> I have put up some portion of the access and error log on my dev site. Take
> a look at them to see what this guy was trying to pull. You can find them
> here http://www.ezorissa.com/hack/error.txt
> http://www.ezorissa.com/hack/access.txt I didn't attach them thinking
> attachments might be blocked by the list server.
>
> I'm not sure what I'm trying to do.... but something I have in mind for the
> cron job is
> - if someone is trying to access non-existent files in cgi-bin (or for that
> matter from anywhere) repeatedly then block him
> - if someone is trying to access anything outside the web root (by using the
> ../ method) block them even though Apache never serves these requests.
>
> I have mod_perl installed but I'm not that familiar with perl .. written a
> few small scripts so far for my learning.
> If you can give me something that can help or even some hints it will be of
> great value to me.
>
> Thanks for your help
> -R'twick
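
The cron-job idea quoted above (flag ../ requests and repeated 404s under
cgi-bin, then block with the iptables rule posted earlier in the thread),
written out as an added Python example that is not code from any poster. The
threshold, allowlist, function names and log lines are constructed assumptions,
and the log is assumed to be in Apache Common Log Format.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Apache Common Log Format: host ident user [time] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "((?:[^"\\]|\\.)*)" (\d{3}) ')

CGI_404_THRESHOLD = 5      # assumed value; tune it to your own traffic
ALLOWLIST = {"127.0.0.1"}  # assumed: addresses that must never be blocked


def request_target(request_line):
    """Return the percent-decoded request target ('' if the line is malformed)."""
    parts = request_line.split()
    if len(parts) < 2:
        return ""
    target = parts[1]
    for _ in range(2):     # two passes also catch double encoding (%252e)
        target = unquote(target)
    return target


def is_probe(target):
    """True for '..' segments or requests for .ht* files, in path or query."""
    segments = re.split(r"[/\\?=&]+", target)
    return any(s == ".." or s.startswith(".ht") for s in segments)


def scan(lines):
    """Map each offending client IP (as a string) to the reason it was flagged."""
    flagged, cgi_404 = {}, Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host, request, status = m.groups()
        try:
            # Only a syntactically valid address may ever reach a firewall
            # rule; hostnames and junk in the host field are skipped.
            ip = str(ipaddress.ip_address(host))
        except ValueError:
            continue
        if ip in ALLOWLIST:
            continue
        target = request_target(request)
        if is_probe(target):
            flagged.setdefault(ip, "traversal or .ht* probe")
        elif status == "404" and target.startswith("/cgi-bin/"):
            cgi_404[ip] += 1
            if cgi_404[ip] >= CGI_404_THRESHOLD:
                flagged.setdefault(ip, "repeated 404s under /cgi-bin/")
    return flagged


def iptables_rules(flagged):
    """Build argv lists (never a shell string) for the thread's REJECT rule."""
    rules = []
    for ip in sorted(flagged):
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        rules.append([tool, "-A", "INPUT", "-p", "tcp", "--syn", "-s", ip,
                      "--destination-port", "80", "-j", "REJECT"])
    return rules


# Constructed sample log lines (documentation address ranges, not real traffic).
_T = "[21/Jan/2003:10:00:00 -0500]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {_T} "GET /index.php HTTP/1.0" 200 5120',
    f'198.51.100.7 - - {_T} "GET /../../etc/passwd HTTP/1.0" 400 299',
    f'198.51.100.8 - - {_T} "GET /.htaccess HTTP/1.0" 403 285',
    f'198.51.100.9 - - {_T} "GET /cgi-bin/view.cgi?file=%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 404 280',
    f'192.0.2.10 - - {_T} "GET /cgi-bin/missing.cgi HTTP/1.0" 404 280',
    f'127.0.0.1 - - {_T} "GET /../x HTTP/1.0" 400 299',
    f'evil.example;reboot - - {_T} "GET /../x HTTP/1.0" 400 299',
] + [
    f'203.0.113.5 - - {_T} "GET /cgi-bin/probe{i}.cgi HTTP/1.0" 404 280'
    for i in range(5)
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for rule in iptables_rules(found):
        # Printed for review; a cron job would pass the list to
        # subprocess.run(rule, check=True) as root.
        print(" ".join(rule), "#", found[rule[7]])
```

A rule built this way only covers the one source address that was logged, so
it supplements rather than replaces the httpd.conf restrictions discussed in
the quoted message.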





RE: [users@httpd] how to block hackers ?

Posted by Gareth Kirwan <gb...@thermeoneurope.com>.
At first I was very confused by this.
I've certainly never noticed such a long and relentless attack on an httpd
server.
When I started to look at it in more detail I realised it's not a person -
it's a worm / hydra.
The speed and proximity of timings of some of the requests rules out human
attempts - but then the distance between some of the requests makes the notion
of it being automated odd - since it should be almost instant.
It IS possible it was a guy using several screens and typing away - but I
*VERY* much doubt it.
It was trying every which way possible to gain access to private information
on your server, and when it found it didn't get a rejection it would have
reported its findings to the owner.
It was, in most cases, hoping for a directory listing which it could abuse.

I don't think you need to worry too much.

Get your httpd.conf down to minimal lines with minimal comments, and make
sure you understand them all.
That way you don't have documentation you didn't write - and you can see
what you're dealing with.
Use httpd.apache.org/docs/ as a reference for the commands you don't know.

Apache comes by default with LOADS of stuff you don't need - modules you'll
never use .. bla bla
Cut most of it out.

One of the surprising things about this hack is that he didn't test your
mod_info installation.
If he had he would have instantly had access to a lot of your information
and been able to see your vulnerabilities.
I'm not alerting anyone dangerous to this by telling you it in a mailing
list, so don't get worried... but:
I've just seen that your mod_info IS on, so is extendedStatus AND you don't
have any restrictions on it:
http://www.ezorissa.com/server-info
There a hacker could find out important information about your server and
the versions running on it...
It's a one stop shop for all your weaknesses, build info etc.
For instance: it gives full information on your current mod_ssl
configuration.
You should *immediately* edit your httpd.conf and change the <Location>
directive for server-info and server-status to Deny from all, and Allow from
an IP address - or use require valid-user.
I'm hazarding a guess you might need Vim help too ... just vi httpd.conf; then
/server-info to search for it...

That kind of thing you should be able to understand better when you do your
httpd.conf cut down.
You'll find other things in there you've never touched before, look them up
and find out they're dangerous or that you don't need them.
Common stuff to cut out is PHP, and some of the apache modules loaded /
added at the start of the configuration.

As for this attack - once you're sure that your httpd.conf is in good order
attacks like his shouldn't worry you.
It *is* a pain to have your log filled up - and if it's something that's
been sustained you could try tracing the IP address to the ISP and
contacting them about the user logged on at the time.
However you shouldn't need to worry about him getting in once your
httpd.conf is in order - since relying on denying repetitive attacks based
on their repetition leaves you in a hard spot:
You get a false sense of security - and then when someone attacks you from a
random IP-Address - or spoofs it in his request header - then your system
will fail and you might become susceptible to an issue
that you might have not considered before because you were relying on your
denial of requests to iterative rejections.

If you still want to write a script to do this ( and everything I've said
should point you in a different, more secure, direction ) then let me know
and I can help further.

Regards

Gareth

> -----Original Message-----
> From: R'twick Niceorgaw [mailto:public@utkalika.net]

> I have put up some portion of the access and error log on my
> dev site. Take
> a look at them to see what this guy was trying to pull. You
> can find them
> here http://www.ezorissa.com/hack/error.txt
> http://www.ezorissa.com/hack/access.txt I didn't attach them thinking
> attachments might be blocked by the list server.
>
> I'm not sure what i'm trying to do.... but something I have
> in mind for the
> cron job is
> - if some one trying to access non existent files in cgi-bin
> ( or for that
> matter from anywhere) repeatedly then block him
> - if some one trying to access anything outside web root (by using ../
> method) block them even though apache never serves these requests.
>
> I have mod_perl installed but I'm not that familiar with perl
> that much ..
> written few small scripts so far for my learning.
> If you can give me something that can help or even some hints
> it will be of
> great value to me.
>
> Thanks for your help
> -R'twick
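
One way to check for the exposure described in this message, as an added example that is not part of the original post: a shell function that reads an httpd.conf and reports each server-info or server-status Location block that has no Deny from all or Require line. The sample configuration, the address 192.0.2.10 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag server-info / server-status handlers in an httpd.conf
# that carry no access restriction. Heuristic only: it looks for the
# directives named in the post and does not evaluate Order semantics.

# Constructed sample: one open block (the weak setting), one restricted
# block (the corrected form, documentation-range address), and one
# unrelated block that must be ignored.
sample_conf() {
    cat <<'EOF'
ExtendedStatus On
<Location /server-info>
    SetHandler server-info
</Location>
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10
</Location>
<Location /private>
    Order deny,allow
    Deny from all
</Location>
EOF
}

# Reads a config on stdin; prints "<verdict> <path> <handler>" per block.
audit_status_handlers() {
    awk '
    {
        low = tolower($0)              # directives are case-insensitive
        sub(/^[ \t]+/, "", low)
    }
    low ~ /^#/ { next }                # skip comment lines
    low ~ /^<location[ \t]/ {
        inblock = 1; handler = ""; denied = 0; allowall = 0
        path = $2; gsub(/[">]/, "", path)
        next
    }
    !inblock { next }
    low ~ /^sethandler[ \t]+server-(info|status)/ { handler = $2 }
    low ~ /^deny[ \t]+from[ \t]+all/              { denied = 1 }
    low ~ /^require[ \t]/                         { denied = 1 }
    low ~ /^allow[ \t]+from[ \t]+all/             { allowall = 1 }
    low ~ /^<\/location>/ {
        if (handler != "") {
            verdict = "OPEN"
            # "Allow from all" next to a deny may re-open the block,
            # depending on Order, so it is flagged for a manual look.
            if (denied) verdict = allowall ? "REVIEW" : "RESTRICTED"
            print verdict, path, handler
        }
        inblock = 0
    }'
}

sample_conf | audit_status_handlers
```

Against a real server, feed it the live file: `audit_status_handlers < httpd.conf`. Any OPEN line is a block to restrict as the message describes.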





RE: [users@httpd] how to block hackers ?

Posted by Gareth Kirwan <gb...@thermeoneurope.com>.
Corp's got a good point though.
If you did feel the need - then there are tools out there for it.

However I'd personally discourage this - since an awareness of what worms
are about, how they're evolving and what they're doing / their frequency is
healthy for a web administrator.
I recently wrote a perl log handler and nightly log analyser which will gzip
the files from the day anyway, so space isn't really an issue.
The analysis of the day can include the activities of any worms and other
attacks - to let you know how things are going.

Just some thoughts

Gareth

> -----Original Message-----
> From: Corp [mailto:ecorp@corp.electracide.net]

> heh.."corn"..cron dammit! :)
>
> On Tue, 21 Jan 2003, Corp wrote:
>
> > Why bother with some corn job? There are tools already for this. Use
> > snort, and you can use it to do the blocking automatically (especially if
> > you are receiving a lot of windows based worms (nimda and
> > such) - rules are already in place). www.snort.org.





Re: [users@httpd] how to block hackers ?

Posted by Corp <ec...@corp.electracide.net>.
heh.."corn"..cron dammit! :)

On Tue, 21 Jan 2003, Corp wrote:

> Why bother with some corn job? There are tools already for this. Use
> snort, and you can use it to do the blocking automatically (especially if
> you are receiving a lot of windows based worms (nimda and
> such) - rules are already in place). www.snort.org.
> 
> On Tue, 21 Jan 2003, R'twick Niceorgaw wrote:
> 
> > I have put up some portion of the access and error log on my dev site. Take
> > a look at them to see what this guy was trying to pull. You can find them
> > here http://www.ezorissa.com/hack/error.txt
> > http://www.ezorissa.com/hack/access.txt I didn't attach them thinking
> > attachments might be blocked by the list server.
> > 
> > I'm not sure what i'm trying to do.... but something I have in mind for the
> > cron job is
> > - if some one trying to access non existent files in cgi-bin ( or for that
> > matter from anywhere) repeatedly then block him
> > - if some one trying to access anything outside web root (by using ../
> > method) block them even though apache never serves these requests.
> > 
> > I have mod_perl installed but I'm not that familiar with perl that much ..
> > written few small scripts so far for my learning.
> > If you can give me something that can help or even some hints it will be of
> > great value to me.
> > 
> > Thanks for your help
> > -R'twick
> > 
> > 
> > ----- Original Message -----
> > From: "Gareth Kirwan" <gb...@thermeoneurope.com>
> > To: <pu...@utkalika.net>; <us...@httpd.apache.org>
> > Sent: Tuesday, January 21, 2003 5:10 PM
> > Subject: RE: [users@httpd] how to block hackers ?
> > 
> > 
> > > That's entirely possible ( I'd suggest perl to do so, if you wanted ).
> > > What evidence do you have of hackers attempting to abuse your server.
> > > The only evidence we ever have of anything untoward is the Windows
> > > exploitive worms, and we have a fair bit of traffic.
> > >
> > > btw - should have clicked that you were on Linux when you mentioned
> > > /etc/passwd
> > >
> > > If you give me an example of what it is you're afraid of I might be able to
> > > give you an adaptive PerlHandler or PerlPostRequestRead handler that would
> > > help you.
> > > This assumes you're a mod_perl user.
> > > If you're not - then I'll probably advocate it as a way of life to you
> > > anyway ;-)
> > >
> > >
> > > > I'm using redhat 7.3. may be i'll just setup a cron job for
> > > > now which will
> > > > look through the error_log/access_log and setup a ipchains
> > > > rule for the
> > > > hackers every half an hr or so. will that help ?
> > >
> > >
> > >


Re: [users@httpd] how to block hackers ?

Posted by Corp <ec...@corp.electracide.net>.
Why bother with some corn job? There are tools already for this. Use
snort, and you can use it to do the blocking automatically (especially if
you are receiving a lot of windows based worms (nimda and
such) - rules are already in place). www.snort.org.

On Tue, 21 Jan 2003, R'twick Niceorgaw wrote:

> I have put up some portion of the access and error log on my dev site. Take
> a look at them to see what this guy was trying to pull. You can find them
> here http://www.ezorissa.com/hack/error.txt
> http://www.ezorissa.com/hack/access.txt I didn't attach them thinking
> attachments might be blocked by the list server.
> 
> I'm not sure what i'm trying to do.... but something I have in mind for the
> cron job is
> - if some one trying to access non existent files in cgi-bin ( or for that
> matter from anywhere) repeatedly then block him
> - if some one trying to access anything outside web root (by using ../
> method) block them even though apache never serves these requests.
> 
> I have mod_perl installed but I'm not that familiar with perl that much ..
> written few small scripts so far for my learning.
> If you can give me something that can help or even some hints it will be of
> great value to me.
> 
> Thanks for your help
> -R'twick
> 
> 
> ----- Original Message -----
> From: "Gareth Kirwan" <gb...@thermeoneurope.com>
> To: <pu...@utkalika.net>; <us...@httpd.apache.org>
> Sent: Tuesday, January 21, 2003 5:10 PM
> Subject: RE: [users@httpd] how to block hackers ?
> 
> 
> > That's entirely possible ( I'd suggest perl to do so, if you wanted ).
> > What evidence do you have of hackers attempting to abuse your server.
> > The only evidence we ever have of anything untoward is the Windows
> > exploitive worms, and we have a fair bit of traffic.
> >
> > btw - should have clicked that you were on Linux when you mentioned
> > /etc/passwd
> >
> > If you give me an example of what it is you're afraid of I might be able to
> > give you an adaptive PerlHandler or PerlPostRequestRead handler that would
> > help you.
> > This assumes you're a mod_perl user.
> > If you're not - then I'll probably advocate it as a way of life to you
> > anyway ;-)
> >
> >
> > > I'm using redhat 7.3. may be i'll just setup a cron job for
> > > now which will
> > > look through the error_log/access_log and setup a ipchains
> > > rule for the
> > > hackers every half an hr or so. will that help ?
> >
> >
> >


Re: [users@httpd] how to block hackers ?

Posted by R'twick Niceorgaw <pu...@utkalika.net>.
I have put up some portion of the access and error log on my dev site. Take
a look at them to see what this guy was trying to pull. You can find them
here http://www.ezorissa.com/hack/error.txt
http://www.ezorissa.com/hack/access.txt I didn't attach them thinking
attachments might be blocked by the list server.

I'm not sure what I'm trying to do.... but something I have in mind for the
cron job is
- if someone is trying to access non-existent files in cgi-bin ( or for that
matter from anywhere) repeatedly then block him
- if someone is trying to access anything outside web root (by using ../
method) block them even though apache never serves these requests.

I have mod_perl installed but I'm not that familiar with perl ..
I've written a few small scripts so far for my learning.
If you can give me something that can help or even some hints it will be of
great value to me.

Thanks for your help
-R'twick


----- Original Message -----
From: "Gareth Kirwan" <gb...@thermeoneurope.com>
To: <pu...@utkalika.net>; <us...@httpd.apache.org>
Sent: Tuesday, January 21, 2003 5:10 PM
Subject: RE: [users@httpd] how to block hackers ?


> That's entirely possible ( I'd suggest perl to do so, if you wanted ).
> What evidence do you have of hackers attempting to abuse your server.
> The only evidence we ever have of anything untoward is the Windows
> exploitive worms, and we have a fair bit of traffic.
>
> btw - should have clicked that you were on Linux when you mentioned
> /etc/passwd
>
> If you give me an example of what it is you're afraid of I might be able to
> give you an adaptive PerlHandler or PerlPostRequestRead handler that would
> help you.
> This assumes you're a mod_perl user.
> If you're not - then I'll probably advocate it as a way of life to you
> anyway ;-)
>
>
> > I'm using redhat 7.3. may be i'll just setup a cron job for
> > now which will
> > look through the error_log/access_log and setup a ipchains
> > rule for the
> > hackers every half an hr or so. will that help ?
>
>
>
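
The two criteria listed in this message, as an added example that is not part of the original post: a report-only shell function that scans an access log for requests containing ../ or targeting .ht* files, and for repeated 404s under /cgi-bin/. It also matches the URL-encoded form %2e%2e, which goes beyond the cases named in the thread; the log lines, addresses, function names and the threshold of 3 are constructed for illustration.

```shell
#!/bin/sh
# Added example: report-only scan of an Apache access log (Common/Combined
# Log Format) for the two criteria in the post. It prints candidates for
# review and changes no firewall rule.

# Constructed sample log lines; addresses are documentation ranges.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [21/Jan/2003:10:00:01 -0500] "GET /index.html HTTP/1.0" 200 1043
203.0.113.7 - - [21/Jan/2003:10:00:02 -0500] "GET /../../etc/passwd HTTP/1.0" 400 291
203.0.113.7 - - [21/Jan/2003:10:00:02 -0500] "GET /.htaccess HTTP/1.0" 403 280
203.0.113.7 - - [21/Jan/2003:10:00:03 -0500] "GET /cgi-bin/a.cgi HTTP/1.0" 404 275
203.0.113.7 - - [21/Jan/2003:10:00:03 -0500] "GET /cgi-bin/b.cgi HTTP/1.0" 404 275
203.0.113.7 - - [21/Jan/2003:10:00:04 -0500] "GET /cgi-bin/c.pl HTTP/1.0" 404 274
198.51.100.4 - - [21/Jan/2003:10:05:00 -0500] "GET /cgi-bin/old-form.cgi HTTP/1.0" 404 281
198.51.100.23 - - [21/Jan/2003:10:06:00 -0500] "GET /%2E%2E/%2E%2E/etc/passwd HTTP/1.0" 400 291
192.0.2.10 - - [21/Jan/2003:10:07:00 -0500] "-" 408 -
EOF
}

# scan_access_log THRESHOLD < access_log
# Prints "<ip> <reason> <count>", sorted. Splitting on the double quote
# keeps the request line in one field even when it is malformed.
scan_access_log() {
    awk -F'"' -v threshold="${1:-5}" '
    {
        split($1, pre, " ");  ip = pre[1]
        split($2, req, " ");  path = tolower(req[2])
        split($3, post, " "); status = post[1]
        if (ip == "" || path == "") next      # e.g. timed-out "-" requests

        # Criterion 1: traversal sequences (plain or URL-encoded) or
        # probes for .ht* files. Reported on first sight.
        if (path ~ /\.\.\// || path ~ /%2e%2e/ || path ~ /\/\.ht/)
            probe[ip]++

        # Criterion 2: requests for non-existent files under /cgi-bin/.
        if (status == "404" && path ~ /^\/cgi-bin\//)
            miss[ip]++
    }
    END {
        for (ip in probe) print ip, "probe", probe[ip]
        for (ip in miss)
            if (miss[ip] >= threshold) print ip, "cgi-404", miss[ip]
    }' | LC_ALL=C sort
}

sample_log | scan_access_log 3
```

A single mistyped CGI URL (198.51.100.4 in the sample) stays below the threshold and is not reported, which is the false-positive case a blocking rule built on this output would have to tolerate.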





RE: [users@httpd] how to block hackers ?

Posted by Gareth Kirwan <gb...@thermeoneurope.com>.
That's entirely possible ( I'd suggest perl to do so, if you wanted ).
What evidence do you have of hackers attempting to abuse your server?
The only evidence we ever have of anything untoward is the Windows
exploitive worms, and we have a fair bit of traffic.

btw - should have clicked that you were on Linux when you mentioned
/etc/passwd

If you give me an example of what it is you're afraid of I might be able to
give you an adaptive PerlHandler or PerlPostRequestRead handler that would
help you.
This assumes you're a mod_perl user.
If you're not - then I'll probably advocate it as a way of life to you
anyway ;-)


> I'm using redhat 7.3. may be i'll just setup a cron job for
> now which will
> look through the error_log/access_log and setup a ipchains
> rule for the
> hackers every half an hr or so. will that help ?





Re: [users@httpd] how to block hackers ?

Posted by R'twick Niceorgaw <pu...@utkalika.net>.
----- Original Message -----
From: "Gareth Kirwan" <gb...@thermeoneurope.com>
To: <us...@httpd.apache.org>
Sent: Tuesday, January 21, 2003 12:00 PM
Subject: RE: [users@httpd] how to block hackers ?


> R'twick
>
> It's a learning curve for us all - don't worry.
> You want to have adaptive request handlers.
> These normally come from having a more sophisticated web server in place
> using a dynamic content server in place ( ie Mason )
>
> I'm guessing that right now all I need to do is to tell you to not worry so
> much about hackers.
> Check your access and error logs daily and make sure you're not getting
> anything out of the ordinary.
> You probably won't be needing to block requests due to hackers very often.
> Sometimes people add a return forbidden statement to requests looking for
> /cmd/ but that's more just to stop their logs getting filled up with the
> crap that worms generate when they're trying to check you're a windows
> machine.
>
> You're NOT running windows, are you ?
>
> Gareth

Thanks Gareth,
I'm using redhat 7.3. Maybe I'll just set up a cron job for now which will
look through the error_log/access_log and set up an ipchains rule for the
hackers every half an hr or so. Will that help ?





RE: [users@httpd] how to block hackers ?

Posted by Gareth Kirwan <gb...@thermeoneurope.com>.
R'twick

It's a learning curve for us all - don't worry.
You want to have adaptive request handlers.
These normally come from having a more sophisticated web server in place
using a dynamic content server in place ( ie Mason )

I'm guessing that right now all I need to do is to tell you to not worry so
much about hackers.
Check your access and error logs daily and make sure you're not getting
anything out of the ordinary.
You probably won't be needing to block requests due to hackers very often.
Sometimes people add a return forbidden statement to requests looking for
/cmd/ but that's more just to stop their logs getting filled up with the
crap that worms generate when they're trying to check you're a windows
machine.

You're NOT running windows, are you ?

Gareth


> my server didn't allow access to .htaccess or any files
> outside the document
> root. So, I think my setup is ok ( still learning).
> Deny from x.x.x.x requires me to manually edit the file and
> restart apache
> and is good for just that ip. I'm sure a hacker will change
> his ip address
> next time he attacks. So, what I was looking for is some means so that
> apache will automatically block an IP if it meets certain
> criteria in the
> request string or if there's been a very high volume of
> requests from one
> site in a certain amount of time.
>
> R'twick


Re: [users@httpd] how to block hackers ?

Posted by R'twick Niceorgaw <pu...@utkalika.net>.
----- Original Message -----
From: "Gareth Kirwan" <gb...@thermeoneurope.com>
To: <us...@httpd.apache.org>
Sent: Tuesday, January 21, 2003 11:38 AM
Subject: RE: [users@httpd] how to block hackers ?


> Sorry for the top post.
>
> 1) Nobody should have access to your .ht* files.
> A default configuration in your httpd.conf is:
> <Files ~ "^\.ht">
>     Order allow,deny
>     Deny from all
>     Satisfy All
> </Files>
>
> 2) ../../etc/passwd: They shouldn't / can't access documents outside the
> directory structure of the site.
>
> 3) For general blocking just use
> Order allow,deny
> Allow from all
> Deny from x.x.x.x
> [ Though Order might be the other way round, but I'm fairly sure that's
> right ]
>

Thanks Gareth,

my server didn't allow access to .htaccess or any files outside the document
root. So, I think my setup is ok ( still learning).
Deny from x.x.x.x requires me to manually edit the file and restart apache
and is good for just that ip. I'm sure a hacker will change his ip address
next time he attacks. So, what I was looking for is some means so that
apache will automatically block an IP if it meets certain criteria in the
request string or if there's been a very high volume of requests from one
site in a certain amount of time.

R'twick





[users@httpd] suid and perl

Posted by Xiongfei Wang <wa...@arches.uga.edu>.
I have read the instructions for a piece of software, but I do not understand
one sentence in them:
"
In order for suid to work, this feature needs to be configured into Perl
when it is compiled. You may need to reinstall Perl if suid was not
enabled"

My question is: how can I check whether suid has already been compiled (or
configured) into perl? If not, how do I compile or configure it into perl?
I have a redhat 7.3 linux server.


J.P.




RE: [users@httpd] how to block hackers ?

Posted by Gareth Kirwan <gb...@thermeoneurope.com>.
Sorry for the top post.

1) Nobody should have access to your .ht* files.
A default configuration in your httpd.conf is:
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

2) ../../etc/passwd: They shouldn't / can't access documents outside the
directory structure of the site.

3) For general blocking just use
Order allow,deny
Allow from all
Deny from x.x.x.x
[ Though Order might be the other way round, but I'm fairly sure that's
right ]

> -----Original Message-----
> From: R'twick Niceorgaw [mailto:public@utkalika.net]

> Hi all,
> is there any way i can specify in httpd.conf or htaccess file
> to deny access
> to a specific IP if certain criteria is met in the request
> like if some one
> tries to access /.htaccess or ../../etc/passwd ?
>
> Regards
> R'twick