Re: Apache Changing IPtables C 5.6 via Apache




On Sat, 2011-08-20 at 22:43 -0500, Barry Brimer wrote:

> > When a web site is attacked, so far by unsuccessful hackers, my error
> > routine adds the attacker's IP address, prefixed by 'deny', to that web
> > site's .htaccess file. It works and the attacker, on second and
> > subsequent attacks, gets a 403 error response.

> Have you looked at mod_evasive? 
> http://www.zdziarski.com/blog/?page_id=442

Thank you for the suggestion. I have just looked at it and see:-

  * Requesting the same page more than a few times per second

  * Making more than 50 concurrent requests on the same child per second

  * Making any requests while temporarily blacklisted ... 

My requirement, based on observations, is to instantly cut off the IP's
access as soon as a wrong URL is entered. When a web page error occurs it
is handled by a PHP routine. Two sets of checks show whether it was an
'innocent' mistake or a known hacking attempt. Currently known hacking
attempts are blocked at the web site's .htaccess file.

mod_evasive lacks the ability to compare the erroneous page request and
then take action. Clive's helpful /etc/sudoers suggestion overnight
seems ideal because (if it works for my routine) it will let me block an
IP address at iptables and limit that blocking to a port.

My check list has 104 'words' which cause an IP address to be blocked.
When my revised system is working satisfactorily with whole server
blocking I will publish the details on the web.


-- 
With best regards,

Paul.
England,
EU.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
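
The sudoers approach mentioned in this message hands a root-level command to the web server user, so the address and port arriving from the PHP routine need strict checking before they reach iptables. The wrapper below is an added example, not part of the original post or the poster's routine. The script path, the sudoers entry, the port list, the protected address and the "apply" switch are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical wrapper that the web server
# user may run through sudo in place of iptables itself, e.g. a sudoers entry
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/block-ip
# (user name and path are assumptions). PHP passes the client address and port.

ALLOWED_PORTS="80 443"     # assumption: ports the web sites listen on
NEVER_BLOCK="127.0.0.1"    # assumption: addresses that must never be dropped

# Accept only a strict dotted quad: no options, spaces, CIDR or leading zeros.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables command for one address and port, or fail with status 1.
build_block_cmd() {
    ip=$1
    port=$2
    valid_ipv4 "$ip" || { echo "rejected: bad address" >&2; return 1; }
    for keep in $NEVER_BLOCK; do
        if [ "$ip" = "$keep" ]; then
            echo "rejected: protected address" >&2; return 1
        fi
    done
    for ok in $ALLOWED_PORTS; do
        if [ "$port" = "$ok" ]; then
            echo "iptables -I INPUT -s $ip -p tcp --dport $port -j DROP"
            return 0
        fi
    done
    echo "rejected: port not allowed" >&2
    return 1
}

# Dry run unless the third argument is "apply" (hypothetical switch).
if [ $# -ge 2 ]; then
    cmd=$(build_block_cmd "$1" "$2") || exit 1
    if [ "${3:-}" = apply ]; then $cmd; else echo "$cmd"; fi
fi
```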

