[CentOS] Apache Changing IPtables C 5.6 via Apache
Always Learning
centos at u61.u22.netSun Aug 21 11:05:32 UTC 2011
- Previous message: [CentOS] Apache Changing IPtables C 5.6 via Apache
- Next message: [CentOS] Apache Changing IPtables C 5.6 via Apache
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, 2011-08-20 at 22:43 -0500, Barry Brimer wrote: > > When a web site is attacked, so far by unsuccessful hackers, my error > > routine adds the attackers IP address, prefixed by 'deny', to that web > > site's .htaccess file. It works and the attacker, on second and > > subsequent attacks, gets a 403 error response. > Have you looked at mod_evasive? > http://www.zdziarski.com/blog/?page_id=442 Thank you for the suggestion. I have just looked at it and see:- * Requesting the same page more than a few times per second * Making more than 50 concurrent requests on the same child per second * Making any requests while temporarily blacklisted ... My requirement, based on observations, is to instantly cut-off the IP's access as soon a wrong URL is entered. When a web page error occurs it is handled by a PHP routine. Two sets of checks show whether it was an 'innocent' mistake or a known hacking attempt. Currently known hacking attempts are blocked at the web site's .htaccess file. mod_evasive lacks the ability to compare the erroneous page request and then take action. Clive's helpful /etc/sudoers suggestion overnight seems ideal because (if it works for my routine) it will let me block an IP address at iptables and limit that blocking to a port. My check list has a 104 'words' which cause an IP address to be blocked. When my revised system is working satisfactorily with whole server blocking I will publish the details on the web. -- With best regards, Paul. England, EU.
- Previous message: [CentOS] Apache Changing IPtables C 5.6 via Apache
- Next message: [CentOS] Apache Changing IPtables C 5.6 via Apache
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list