[users@httpd] Automatic Deny List Updating for IP from Threat-Identified Hosts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Apache 2.0.53 running on WinXP Pro

Neophyte question:

Is there a way to automatically update the list of IPs that are denied service (even http responses...just drop the request) when they are making clear attempts either to deny service or even take control of the system? Some people trying to gain access to my documents legitimately with a university network get a "failure to establish a connection" on the broswer and even I get that from the host running the server.



The error log is below for today (when I put Apache actively taking on port 80 service). The access log show entries from these hosts where they get the root document index obviously to see a working server, then they issue a SEARCH http request with a hugely long string....trying to exploit buffer overruns??


[Thu Dec 15 08:33:37 2005] [error] [client 80.251.42.208] request failed: URI too long (longer than 8190) [Thu Dec 15 08:43:52 2005] [error] [client 80.251.42.205] request failed: URI too long (longer than 8190) [Thu Dec 15 08:43:52 2005] [info] (OS 10054)An existing connection was forcibly closed by the remote host. : core_output_filter: writing data to the network [Thu Dec 15 08:44:21 2005] [error] [client 80.251.42.205] request failed: URI too long (longer than 8190) [Thu Dec 15 08:49:08 2005] [error] [client 80.251.42.210] request failed: URI too long (longer than 8190) [Thu Dec 15 08:49:09 2005] [info] (OS 10054)An existing connection was forcibly closed by the remote host. : core_output_filter: writing data to the network [Thu Dec 15 08:55:09 2005] [error] [client 80.251.42.239] request failed: URI too long (longer than 8190) [Thu Dec 15 08:55:09 2005] [info] (OS 10054)An existing connection was forcibly closed by the remote host. : core_output_filter: writing data to the network [Thu Dec 15 08:55:14 2005] [error] [client 80.251.42.230] request failed: URI too long (longer than 8190)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux