Security Basics mailing list archives
Re: Apache attacks
From: bernie () e-mich com
Date: Thu, 27 Jan 2005 21:15:03 -0500
Kenny,

Another thing you might want to look at is Dshield.org; this is an updated daily list of subnets around the world that are known for hack attempts and other types of unethical network activity. The link I sent you earlier to www.rfxnetworks.com has APF, the Advanced Protection Firewall, in the projects link. This firewall can be set up to update this list every day and block those networks from your network. It also has a module for BFD, Brute Force Detection, that will block IPs or subnets that try to brute force your SSH and FTP.

This firewall is based on iptables, which I would become real familiar with if you want to protect your network. If you find APF to be too daunting at first, try KISS firewall http://www.geocities.com/steve93138/ or Firestarter http://www.fs-security.com/. Some people prefer Firestarter as it works with a GUI and requires GTK.

These will be great tools in trying to keep the script kiddies out and the other more serious intrusions. But like any firewall they are never 100%, and it takes a lot of tools to keep your network safe. Also remember security is a trade-off between ease of use and protection.

Just my 2 cents

B.Johnson

Quoting Bernie Johnson <bernie () e-mich com>:

Kenny,

Look at www.rfxnetworks.com and get APF, BFD and look at the other scripts there. This should do what you want and need.

B. Johnson

On Wed, 2005-01-26 at 15:56, Kenny wrote:

Hi List,

Long time reader, first time poster.

My server crashed yesterday and I had to restart it to get it going again. Now everything seems OK; however, looking at my /var/log/httpd/access_log.1 shows a visitor to the website posting some big chunks of exploit code (containing a massive nop sled). How do I know if this attacker actually got in or not? This is a Red Hat Fedora Core 2 box, and I would describe myself as an "intermediate" Linux user.

Also, has anyone got any scripts that can detect attacks against Apache and ban the IP for a period of time? I will post the exploit on request.

Thanks,
Kenny
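Added example, not part of the original thread and not code from APF or BFD: a small Python scan of access-log lines for the pattern Kenny describes (oversized requests and long runs of one repeated byte such as a NOP sled), producing a list of IPs to block for a period. It assumes Apache common/combined log format with non-printable bytes logged as \xNN escapes; the thresholds, function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/combined log format: host ident user [time] "request" status bytes ...
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" \d{3} \S+')

def repeated_run(request, min_run):
    """Return the repeated unit if one byte (literal or \\xNN-escaped)
    occurs min_run or more times in a row, else None."""
    m = re.search(r'(\\x[0-9a-fA-F]{2}|.)\1{%d,}' % (min_run - 1), request)
    return m.group(1) if m else None

def scan(lines, max_len=2048, min_run=32):
    """Map client IP -> list of reasons its requests look like overflow attempts."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not an access-log entry
        ip, request = m.groups()
        if len(request) > max_len:
            hits[ip].append("request line of %d characters" % len(request))
        unit = repeated_run(request, min_run)
        if unit:
            hits[ip].append("%s repeated %d or more times" % (unit, min_run))
    return dict(hits)

def ban_list(hits, now, ban_hours=24):
    """Give every flagged IP the same expiry time for a temporary block."""
    expires = now + timedelta(hours=ban_hours)
    return {ip: expires for ip in hits}

# Constructed sample entries (documentation IP ranges, no real payload).
SAMPLE = [
    '192.0.2.10 - - [26/Jan/2005:14:02:11 -0500] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Jan/2005:14:03:40 -0500] "POST /x ' + '\\x90' * 200
    + ' HTTP/1.0" 400 226',
    '203.0.113.5 - - [26/Jan/2005:14:05:02 -0500] "GET /' + 'A' * 3000
    + ' HTTP/1.1" 414 250',
]

if __name__ == "__main__":
    found = scan(SAMPLE)
    for ip, until in ban_list(found, datetime(2005, 1, 27, 21, 0)).items():
        print(ip, "block until", until, "-", "; ".join(found[ip]))
```

A hit only shows that such a request was logged; it does not show whether the request succeeded. The resulting IP list is meant to be fed to whatever iptables-based blocking is already in place.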