Hi Valeri,
On Fri, September 26, 2014 8:32 pm, Always Learning wrote:
Don't use cgi. Have no /cgi directory. Don't load mod_cgi.
Bash is patched (updated to new version). Automatically block IPs of anyone trying to hack Apache. Am I safe?
You are. But if you run the server you do want to serve what you want to serve. Now, imagine a hotel: everybody in it is behind a single router. One person has a hacked machine that tried to tap into your server. You block the IP, therefore everyone in the hotel... Now do you want to serve it? If not, why start Apache at all? However, my case is different. If the servers of our Departments don't serve anything [we need] to everybody, they do not need me, a sysadmin; a desktop support guy will be more suitable (and probably less expensive).
If a hacker, always using someone else's compromised computer, attempts to break in, their IP is blocked for all traffic within about 1 second.
Yes that means one hacked computer's IP address is blocked for mail and web. I decline to let the hacker have repeated attempts to hack into, or abuse, any of my web sites.
If there are only a few access attempts after the IP address is blocked, the ban will expire monthly. If there are very many attempts, then the ban will expire about 3 weeks after the attempts stop.
If this inconveniences an innocent web user, I have neither ability to detect the inconvenience nor to determine the user's innocence. I understand your hotel analogue. In England many hotel guests use their mobile phones or tablets - not on wifi but on direct radio (mobile telephone) links; each link having a distinctive IP address.
If the web hacker is operating through a data centre, then I permanently block, for port 80, the whole of the data centre's known IP block.
The alternative is to be a willing victim.
Best regards,
Paul England - the USA's government's pet European poodle.