Ali Nebi wrote:
Thanks for the reply. I use shorewall firewall. I will try to configure it to drop these hosts.
Off topic now (nd assuming this is a non commercial web service) Add the ip addresses to /etc/shorewall/blacklists and ensure blacklists is added to the correct line in the /ec/shorewall/interfaces file. i.e. fox ~ # grep blacklist /etc/shorewall/interfaces# blacklist - Check packets arriving on this interface
# against the /etc/shorewall/blacklist net eth1 - blacklist net ppp0 - blacklist fox ~ # and fox ~ # tail -5 /etc/shorewall/blacklist 24.64.108.109/32 24.64.187.143/32 #ADDRESS/SUBNET PROTOCOL PORT #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
Is there some way to deny these accesses with rewriterule? If yes how it should looks like?
If I wanted to try and feed the infected machine something that may trigger it I would consider an errordocument handler but anything beyond a standard error may cause the infected machine to conside your system as 'open'. Instead, have the errordoc handler write the IP address to a log and feed this (carefully) into your blacklist file. Jacqui --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|