Stealthing a vhost

Peter Horn <peter.horn@xxxxxxxxxxx> · Thu, 20 May 2010 15:52:16 +1000

I have a home server running 4 name vhosts, using a dynamic DNS. The 

second, third and fourth vhosts are "real" and known to the DNS. The 

default (first) vhost is only accessible by IP address (or an abstruse 

and unpublished servername). It gets quite a bit of traffic by IP 

address which is clearly attempted intrusion. I have "nailed down" the 

vhost so any access receives an error response [but see footnote 1 for 

an exception]. This does not stop the intruders, of course. If they get 

any kind of response at all, they keep trying. Reporting abuse to ISPs 

does not seem to help significantly.

What I would love to do is behave like a good firewall and not respond 

at all to these [insert derogatory expletive]s. I have looked high and 

low in the Apache docs and can't find any way to NOT respond. There are 

lots of ways to set up sophisticated error responses, but no way of 

staying silent.

Anyone got any ideas, or should I float this in front of dev@ ?

[1] An HTTP OPTIONS request is (correctly) responded to with 200 OK. I 

thought this was a bug until I read the RFC again, slowly. An OPTIONS 

request refers to the SERVER, not the HOST.

[2] For anyone that wants to provoke an attack, visit http://88.80.10.1 

from (the public IP of) your server. I haven't tried this recently, so 

you may find they've been shut down. They are far from the worst 

offenders, but easy to provoke.

Regards to all,
Peter

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx