You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Martin Lindhe <ma...@humany.com> on 2002/02/07 13:38:48 UTC
how to block ip's?
hello! my error.log is daily filled with the iis-exploit crap like:
--
[Thu Feb 07 12:50:53 2002] [error] [client 195.159.135.94] File does not
exist: c:/webroot/scripts/root.exe
[Thu Feb 07 12:50:54 2002] [error] [client 195.159.135.94] File does not
exist: c:/webroot/msadc/root.exe
[Thu Feb 07 12:50:56 2002] [error] [client 195.159.135.94] File does not
exist: c:/webroot/c/winnt/system32/cmd.exe
[Thu Feb 07 12:50:57 2002] [error] [client 195.159.135.94] File does not
exist: c:/webroot/d/winnt/system32/cmd.exe
--
etc.. and i tried to investigate if i could set up some kind of rule with
apache that
permanently denies all requests from client IP if it ever requests a url
containing
either root.exe or cmd.exe (wich all these iis/codered/whatever-it-is-crap
seems to contain)
so quick quesion - is it possible?
and little longer question - may anyone please be willing to help me out
with setting this up, or point me in the right direction?
running apache 1.3.23 on windows xp
/Martin
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: how to block ip's?
Posted by Mike Arrison <ar...@gnostech.com>.
Martin,
You're already sending them a big 'ol 404. What do you want to send them?
A forbidden? I don't really think it makes a difference.
As for not getting the error messages in the access log, I suggest doing
that post processing. Something like:
grep -v "root\.exe" access_log | grep -v "cmd\.exe"
-Mike Arrison
-----Original Message-----
From: Martin Lindhe [mailto:martin@humany.com]
Sent: Thursday, February 07, 2002 7:39 AM
To: 'users@httpd.apache.org'
Subject: how to block ip's?
hello! my error.log is daily filled with the iis-exploit crap like:
--
[Thu Feb 07 12:50:53 2002] [error] [client 195.159.135.94] File does not
exist: c:/webroot/scripts/root.exe
[Thu Feb 07 12:50:54 2002] [error] [client 195.159.135.94] File does not
exist: c:/webroot/msadc/root.exe
[Thu Feb 07 12:50:56 2002] [error] [client 195.159.135.94] File does not
exist: c:/webroot/c/winnt/system32/cmd.exe
[Thu Feb 07 12:50:57 2002] [error] [client 195.159.135.94] File does not
exist: c:/webroot/d/winnt/system32/cmd.exe
--
etc.. and i tried to investigate if i could set up some kind of rule with
apache that
permanently denies all requests from client IP if it ever requests a url
containing
either root.exe or cmd.exe (wich all these iis/codered/whatever-it-is-crap
seems to contain)
so quick quesion - is it possible?
and little longer question - may anyone please be willing to help me out
with setting this up, or point me in the right direction?
running apache 1.3.23 on windows xp
/Martin
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: how to block ip's?
Posted by Vernon A Webb <Ve...@net-nation.com>.
As you say this is for Windows I suggest you get BlackIce
from NetworkIce.com. I use it and it really is a must have
for security reasons, but I'm not so sure it will block all
of these the way you thing. What I do is monitor IPs from
one's that are really out of control and block them from me
either through my firewall, at the router, and/or with
BlackIce. Actually I'm using the network version, which is
far greater as it allows me to setup an entire network of
machine that I can effectively monitor and block. To top it
all off I use Windows IpSec, but I am running Windows 2000
Advanced Server. Windows XP has it built into the network
card connection. Just turn on the Firewall under the NIC
card in Network Connections.
-----Original Message-----
From: Martin Lindhe <ma...@humany.com>
To: "'users@httpd.apache.org'" <us...@httpd.apache.org>
Date: Thu, 7 Feb 2002 13:38:48 +0100
Subject: how to block ip's?
> hello! my error.log is daily filled with the iis-exploit
crap like:
> --
> [Thu Feb 07 12:50:53 2002] [error] [client
195.159.135.94] File does
> not
> exist: c:/webroot/scripts/root.exe
> [Thu Feb 07 12:50:54 2002] [error] [client
195.159.135.94] File does
> not
> exist: c:/webroot/msadc/root.exe
> [Thu Feb 07 12:50:56 2002] [error] [client
195.159.135.94] File does
> not
> exist: c:/webroot/c/winnt/system32/cmd.exe
> [Thu Feb 07 12:50:57 2002] [error] [client
195.159.135.94] File does
> not
> exist: c:/webroot/d/winnt/system32/cmd.exe
> --
> etc.. and i tried to investigate if i could set up some
kind of rule
> with
> apache that
> permanently denies all requests from client IP if it ever
requests a
> url
> containing
> either root.exe or cmd.exe (wich all these
> iis/codered/whatever-it-is-crap
> seems to contain)
>
> so quick quesion - is it possible?
> and little longer question - may anyone please be willing
to help me
> out
> with setting this up, or point me in the right direction?
> running apache 1.3.23 on windows xp
>
> /Martin
>
> ----------------------------------------------------------
-----------
> The official User-To-User support forum of the Apache
HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-
help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org