Re: httpd access_logs-security


Subject: Re: httpd access_logs-security
From: The Alaskan Bear (akbear@akbearsden.com)
Date: Wed Jan 16 2002 - 18:43:39 AKST


Here is the last one I saw.

-- 
Ted Montgomery
The Alaskan Bear's Den
akbear@akbearsden.com
Registered Linux User: #253251
907-242-9824

-- There are some things lots of money can buy ... --
-- For everything else, there is LINUX ... --

----- Forwarded message from Jim Courtney <courtney@ieee.org> -----

I used the 'string match' module for iptables to get rid of nimda.

$IPTABLES -A INPUT -m tcp -p tcp --dport 80 -j DROP -m string --string ".exe?"

Anybody trying to download a ".exe" gets their packets dropped before they get to your web server. Works for me.

JC

At 05:48 PM 12/29/2001 -0900, W.D.McKinney wrote:

>Well something like this maybe ?
>
>#!/bin/sh
>tail -f /path/to/log/httpd/access_log|gawk '/default.ida|scripts/ {system("/sbin/route add -host "$1" reject")}'
>
>
>
>William Bouterse <bill@bouterse.com> wrote:
> >
> > After the overwhelming inundation of Nimda and others and continued
> > bloat of my home server access_logs and the recent malicious cracking
> > into a member of this list's server, I was wondering....?
> >
> > Where is one of those nice little scripts I remember seeing
> > to bounce back the access attempts returning them to the attention
> > of the administrator of the infected server? Or other suggestions
> > for a relatively non-sophisticated linux user.
> >
> > I have misplaced the email concerning the cracked server and was wondering
> > what the outcome of it all was and whether or not the members of this
> > group have a notification process setup whereas any confirmed exploit is
> > immediately announced Perhaps "SECURITY ALERT"!!!
> >
> > ...Sometimes the list grows long with various discussions and I for one
> > have a tendency to skim and sometimes forget which is why I am writing
> > this....It would be nice to know the details of
> > security issues as it can affect us all both home user and business...
> >
> > I still have not perfected the balance between
> > too much and too little security
> >
> >
> > William Bouterse
> > Talkeetna, Ak.
> >
>--
>W.D.McKinney (Dee)
>(907)349-4308 (Office)
>(907)349-2226 (Fax)
>http://3519098920

----- End forwarded message -----
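
The log-filtering idea from the forwarded messages, as an added example that is not part of the original thread: it reads Common Log Format lines, picks out requests matching the signatures mentioned above (`default.ida`, `/scripts/`, `.exe?`), accepts the client field only when it is a strict dotted-quad IPv4 address so that no raw log text reaches a command line, and prints the block rules for review instead of running them. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list worm-scanner sources from an access log.

# nimda_sources: read Common Log Format lines on stdin and print each distinct
# client IPv4 address whose request line matches one of the signatures.
nimda_sources() {
    awk '
    # Accept only a strict dotted quad. Hostnames (HostnameLookups on),
    # out-of-range octets and any other text in field 1 are rejected.
    function is_ipv4(s,   n, p, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || length(p[i]) > 3 || p[i] + 0 > 255) return 0
        return 1
    }
    {
        # The request line is the first double-quoted field in CLF.
        if (split($0, q, "\"") < 3) next
        if (q[2] ~ /default\.ida|\/scripts\/|\.exe\?/ && is_ipv4($1) && !seen[$1]++)
            print $1
    }'
}

# block_commands: turn validated addresses on stdin into iptables rules,
# printed for review rather than executed.
block_commands() {
    while IFS= read -r ip; do
        printf 'iptables -A INPUT -s %s -p tcp --dport 80 -j DROP\n' "$ip"
    done
}

# Constructed sample log lines (documentation address ranges, made-up requests).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [29/Dec/2001:17:40:01 -0900] "GET /scripts/sample.exe?x HTTP/1.0" 404 276
198.51.100.7 - - [29/Dec/2001:17:40:05 -0900] "GET /default.ida?AAAA HTTP/1.0" 404 270
192.0.2.10 - - [29/Dec/2001:17:40:09 -0900] "GET /other/sample.exe?x HTTP/1.0" 404 274
203.0.113.5 - - [29/Dec/2001:17:41:00 -0900] "GET /index.html HTTP/1.0" 200 1043
scanner.example.net - - [29/Dec/2001:17:42:00 -0900] "GET /scripts/x HTTP/1.0" 404 270
999.1.1.1 - - [29/Dec/2001:17:43:00 -0900] "GET /default.ida?AAAA HTTP/1.0" 404 270
EOF
}

sample_log | nimda_sources | block_commands
```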



This archive was generated by hypermail 2a23 : Wed Jan 16 2002 - 18:43:43 AKST