Re: limiting connections per ip address in apache2 when under attack

Bob wrote:
> 
> If this is a real attack then you were found by rolling through a whole
> block of IP addresses looking for an open port 80.
> Change your Apache server to use a different port, say 7788, instead of port 80
> and then use the free www.zoneedit.com DNS service to redirect all FQDNs to
> your website to include the new port.  From that point on, access to your
> site would have to be done only through the FQDN.  And all those attack port 80
> packets would find no web server at port 80, ending this and future attacks,
> leaving all your normal server requests using your FQDN working as they do now.
> This is called hiding in plain sight.

Apache does this, if you ask it.  Make the 1st named virtual host (the
default, or fallback host) ServerName example.com, and then completely
blackhole all requests through a trivial AliasMatch .* -> /htdocs/noaccess.html.

If there is no Host: or a worthless Host: header from the browser/spider/
malicious user, there will be nothing to serve for that user.

Bill
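
The default-host blackhole described in the reply above, written out as an added example that is not part of the original message. It assumes Apache 2.4 syntax; `www.site.example`, the `/var/www/...` paths and the log file name are placeholders.

```apache
# Added example, Apache 2.4 syntax; host names and paths are placeholders.
# On 2.2 and earlier, also declare "NameVirtualHost *:80" and replace
# "Require all granted" with "Order allow,deny" plus "Allow from all".

# The first vhost listed for *:80 is the default. It receives every request
# whose Host: header is missing or matches no ServerName/ServerAlias below,
# which is what a scan of raw IP addresses sends.
<VirtualHost *:80>
    ServerName example.com
    # Map every URL path to one static page; nothing else is reachable here.
    AliasMatch "^.*$" "/var/www/blackhole/noaccess.html"
    <Directory "/var/www/blackhole">
        Require all granted
        Options None
        AllowOverride None
    </Directory>
    # Keep scanner traffic out of the real site's log.
    # Assumes the stock "combined" LogFormat nickname is defined.
    CustomLog "logs/blackhole_access.log" combined
</VirtualHost>

# The real site, served only when the client sends its FQDN in Host:.
<VirtualHost *:80>
    ServerName www.site.example
    ServerAlias site.example
    DocumentRoot "/var/www/site"
    <Directory "/var/www/site">
        Require all granted
    </Directory>
</VirtualHost>
```

Running `apachectl -S` after a reload lists which vhost is the default server for `*:80`, which confirms the blackhole host is first. A request sent with an unknown Host: header should then return only the contents of `noaccess.html`.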

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.