Re: httpd access_logs-security


Subject: Re: httpd access_logs-security
From: The Alaskan Bear (akbear@akbearsden.com)
Date: Wed Jan 16 2002 - 18:42:08 AKST


Here is one of them...I will be forwarding 2 more.

-- 
Ted Montgomery
The Alaskan Bear's Den
akbear@akbearsden.com
Registered Linux User: #253251
907-242-9824

-- There are some things lots of money can buy ... --
-- For everything else, there is LINUX ... --

----- Forwarded message from "W.D.McKinney" <deem@wdm.com> -----

Delivered-To: akbear@akbearsden.com
Delivered-To: aklug@aklug.org
From: "W.D.McKinney" <deem@wdm.com>
Date: Sat, 29 Dec 2001 17:48:13 -0900 (AKST)
To: aklug@aklug.org
Subject: Re: httpd access_logs-security et al
In-Reply-To: <20011229164001.1d334145.bill@bouterse.com>
X-Mailer: Ishmail 1.9.12-20011101-i686-pc-linux-gnu <http://ishmail.sourceforge.net>
X-listar-version: Listar v1.0.0
Errors-To: aklug-bounce@aklug.org
X-original-sender: deem@wdm.com
Precedence: bulk
X-list: aklug

Well, something like this maybe?

#!/bin/sh
# Follow the access log and add a reject route for the client (field 1) of every matching line.
tail -f /path/to/log/httpd/access_log | gawk '/default.ida|scripts/ {system("/sbin/route add -host "$1" reject")}'

William Bouterse <bill@bouterse.com> wrote:
>
> After the overwhelming inundation of Nimda and others and continued
> bloat of my home server access_logs and the recent malicious cracking into a member of this list's server, I was wondering....?
>
> Where is one of those nice little scripts I remember seeing
> to bounce back the access attempts returning them to the attention
> of the administrator of the infected server? Or other suggestions
> for a relatively non-sophisticated Linux user.
>
> I have misplaced the email concerning the cracked server and was wondering
> what the outcome of it all was and whether or not the members of this group have a notification process set up whereas any confirmed exploit is immediately announced. Perhaps "SECURITY ALERT"!!!
> ...Sometimes the list grows long with various discussions and I for one have a tendency to skim and sometimes forget which is why I am writing this....It would be nice to know the details of
> security issues as it can affect us all both home user and business...
>
> I still have not perfected the balance between
> too much and too little security
>
>
> William Bouterse
> Talkeetna, Ak.

-- 
W.D.McKinney (Dee)
(907)349-4308 (Office)
(907)349-2226 (Fax)
http://3519098920

----- End forwarded message -----
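
A variant of the script in the forwarded message, as an added example that is not part of the original thread: it looks for the same two patterns only in the request path, accepts the client field only when it is a dotted-quad IPv4 address, and prints each route command once instead of running it. The function names and sample log lines are constructed for illustration, and common log format field positions are assumed.

```shell
#!/bin/sh
# Added example (not from the original thread). Reads Apache common/combined
# log lines on stdin and prints one route command per offending client.
# Nothing is executed here; review the output, then run it as root.

block_cmds() {
    awk '
    # Accept only a strict dotted-quad, so nothing but digits and dots from
    # the log (never a hostname or other text) ends up in a command line.
    function is_ipv4(s,    n, p, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || length(p[i]) > 3 || p[i] + 0 > 255)
                return 0
        return 1
    }
    # $7 is the request path in common log format; matching only that field
    # keeps a referer or user-agent that mentions "scripts" from triggering.
    # seen[] ensures each client is emitted once, however often it retries.
    $7 ~ /default\.ida|\/scripts\// && is_ipv4($1) && !seen[$1]++ {
        print "/sbin/route add -host " $1 " reject"
        fflush()
    }'
}

# Constructed sample lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [29/Dec/2001:17:40:01 -0900] "GET /default.ida?XXXX HTTP/1.0" 404 276
192.0.2.10 - - [29/Dec/2001:17:40:05 -0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280
198.51.100.7 - - [29/Dec/2001:17:41:12 -0900] "GET /index.html HTTP/1.0" 200 1043 "http://example.org/scripts/" "-"
crawler.example.net - - [29/Dec/2001:17:42:30 -0900] "GET /default.ida?XXXX HTTP/1.0" 404 276
203.0.113.5 - - [29/Dec/2001:17:43:00 -0900] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290
EOF
}

# Dry run on the sample:  sample_log | block_cmds
# Live use:               tail -f /path/to/log/httpd/access_log | block_cmds
```

Log lines whose first field is a hostname (as happens when Apache's HostnameLookups is on) are skipped rather than routed, so they need separate handling.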



This archive was generated by hypermail 2a23 : Wed Jan 16 2002 - 18:42:11 AKST