Hi there,

On Fri, 18 Jan 2008, Mike Leahy wrote:

> I'm wondering if anyone knows of a simple way to filter out bad HTTP
> requests being sent to my server.

I don't think it's simple. There are many sneaky exploiters Out There.
We use scripts which tail the Apache logs (via syslog-ng) looking for
suspicious activity. The definition of 'suspicious' is wide, fluid and
contained in a database which also records actions taken by the scripts.
We only use iptables at the back end of this system, the parameters for
blocking are controlled by the scripts.

> I've iptables setup to do this sort of thing with brute force ssh
> login attempts.

I wonder if there's a need to accept ssh connections at all from most
of the IPs that you see attacking you; my boxes accept ssh connections
permanently from only two or three known IPs. We see no brute force
attacks whatever, as an IP just can't connect if it isn't known to us.
We implemented a form of port knocking for mobile users.

--

73,
Ged.
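
A small sketch of the log-watching arrangement described in the reply above, added here as an example and not taken from Ged's scripts. The rules, the threshold, the table names and the sample log lines are all assumptions made up for illustration.

```python
import ipaddress
import re
import sqlite3

# Hypothetical rules and threshold; the post does not give its own definitions.
RULES = [
    ("traversal", re.compile(r"\.\./|%2e%2e|%255c", re.I)),
    ("win-shell", re.compile(r"(cmd|root)\.exe", re.I)),
    ("proxy-probe", re.compile(r"^(CONNECT |GET http://)", re.I)),
]
THRESHOLD = 2  # suspicious requests from one address before it is blocked
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} ')

# Constructed sample lines (Apache common log format, documentation addresses).
TS = "[18/Jan/2008:10:00:00 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {TS} "GET /index.html HTTP/1.1" 200 512',
    f'198.51.100.9 - - {TS} "GET /scripts/..%255c../winnt/system32/cmd.exe HTTP/1.0" 404 210',
    f'198.51.100.9 - - {TS} "GET /scripts/root.exe HTTP/1.0" 404 210',
    f'192.0.2.44 - - {TS} "CONNECT mail.example.net:25 HTTP/1.0" 405 0',
    f'198.51.100.9 - - {TS} "GET /../../etc/passwd HTTP/1.0" 400 0',
]

def classify(request):  # name of the first rule the request line matches, else None
    return next((name for name, rx in RULES if rx.search(request)), None)

def process(lines, db):
    """Log suspicious hits to db; return iptables argv lists for new blocks."""
    db.execute("CREATE TABLE IF NOT EXISTS hits (ip TEXT, rule TEXT, request TEXT)")
    db.execute("CREATE TABLE IF NOT EXISTS blocked (ip TEXT PRIMARY KEY)")
    commands = []
    for line in lines:
        m = LINE.match(line)
        rule = classify(m.group(2)) if m else None
        if rule is None:
            continue
        try:  # %h can be a hostname; only a parsed address reaches iptables
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue
        db.execute("INSERT INTO hits VALUES (?, ?, ?)", (ip, rule, m.group(2)))
        hits = db.execute("SELECT COUNT(*) FROM hits WHERE ip = ?", (ip,)).fetchone()[0]
        if hits == THRESHOLD:  # fires once, when the threshold is crossed
            db.execute("INSERT INTO blocked VALUES (?)", (ip,))
            commands.append(["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"])
    return commands

if __name__ == "__main__":
    for argv in process(SAMPLE, sqlite3.connect(":memory:")):
        print(" ".join(argv))
```

The commands are returned as argument lists so a caller can hand them to the firewall without building a shell string from log content.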