LinuxQuestions.org


user1442 10-26-2005 01:59 PM

Script kiddies keep hitting my apache server
 
Tons of stuff in my log. Googling has told me that I can fix this by doing a redirect. I think I can take care of that.

My question: is it ethical to try to connect to their systems if I don't break anything? Two particular IPs show up again and again. Remember, I am new, and this is all in the spirit of experimentation. :)


If this is an inappropriate question for this forum, let me know.

Tinkster 10-26-2005 02:20 PM

Disallow those IPs in your /etc/hosts.deny
Quick and easy fix

I'm not sure I understand what you mean with a redirect, and how you would get that to their machines?

Cheers,
Tink

Jeebizz 10-26-2005 02:38 PM

You could also report them to their own ISP. Just get the names for the IP from a whois, like www.arin.net/whois, make sure you supply a log with the necessary information, and then just email it to abuse@<offendersisp>.net/com

Fritz_Monroe 10-26-2005 03:02 PM

As much as I'd like to tell you to connect to their machine, it's probably illegal. Best to just report it to their ISP and let them cut them off.

F_M

user1442 10-26-2005 04:40 PM

Thanks for the comments. I'll report them. That makes sense.

Tinkster: I found a how-to (I forgot to bookmark it; I'll find it and post it) that detailed editing one of your apache config files to redirect certain requests. Like this:

[ip of offending punk]- - [24/Oct/2005:05:21:04 -0400] "SEARCH /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9 \xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\

I don't know if it works as I haven't tried it (and have been using apache for about a week).

And, Tinkster, my investigation of the things showing up in my log led to research about security, and security tools. I am *sure* you know all this stuff, but if you want we can continue this in PM, because I don't want to clutter up your board with this crap.

EDIT: The link in question: http://aplawrence.com/Blog/B1234.html

netcrawl 10-26-2005 05:01 PM

It's just an attempt to use a Windows exploit... I expect they're getting a "404" type response and nothing more. It's easier to just ignore them; it's water off a duck's back, sorta'. They'll probably give up, and even if they don't, there's no harm done.

Logrotate is your friend.
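
Added example, not part of any post in this thread: a small Python triage of an Apache access log that groups requests like the SEARCH line quoted above by client IP, records when they were first and last seen (the detail an abuse report needs), and checks whether any of them was answered with a 2xx instead of an error. The log lines are constructed samples using documentation IP addresses, and the set of "normal" methods is an assumption about what the site serves.

```python
import re
from collections import defaultdict

# Common/combined log prefix: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*?)" (\d{3}) (\S+)')
NORMAL_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}  # assumption: what this site serves

# Constructed sample lines using documentation IP ranges (not from the thread's log).
SAMPLE_LOG = r'''
192.0.2.10 - - [24/Oct/2005:05:21:04 -0400] "SEARCH /\x90\xc9\xc9\xc9\xc9" 414 330
192.0.2.10 - - [25/Oct/2005:02:11:40 -0400] "SEARCH /\x90\xc9\xc9\xc9\xc9" 414 330
198.51.100.7 - - [25/Oct/2005:03:00:01 -0400] "GET /index.html HTTP/1.1" 200 1456
203.0.113.5 - - [25/Oct/2005:04:12:09 -0400] "CONNECT mail.example.net:25 HTTP/1.0" 405 312
'''

def suspicious(request):
    """Return the reasons a logged request line looks like automated probing."""
    reasons = []
    method = request.split(" ", 1)[0]
    if method not in NORMAL_METHODS:
        reasons.append("method:" + method)
    if "\\x" in request:  # Apache logs non-printable request bytes as \xhh
        reasons.append("escaped-bytes")
    return reasons

def summarize(log_text):
    """Group suspicious requests by client IP for triage or an abuse report."""
    report = defaultdict(lambda: {"hits": 0, "statuses": set(), "reasons": set(),
                                  "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or unparseable line
        ip, when, request, status, _size = m.groups()
        why = suspicious(request)
        if not why:
            continue  # ordinary request, not part of the report
        entry = report[ip]
        entry["hits"] += 1
        entry["statuses"].add(int(status))
        entry["reasons"].update(why)
        entry["first"] = entry["first"] or when
        entry["last"] = when
    return dict(report)

def needs_attention(entry):
    """True if any probe was answered with a 2xx instead of being rejected."""
    return any(200 <= s < 300 for s in entry["statuses"])
```

An address whose entry makes `needs_attention` return True is the one worth investigating; the rest can be reported or left to log rotation.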

NeoNero 10-27-2005 09:42 AM

I've just installed an apache server on a spare pc to act as a low-grade web server just to learn new things. I'm a complete noob with linux and this thread has got me thinking... what if I'm hacked??

Can someone point me to a very step-by-step guide to ensuring apache security? I find the man pages quite intense sometimes.. though I do have a router as the first gateway in from the internet/world and it blocks all ports but 80.

Harkov 10-27-2005 12:02 PM

I don't know about an apache security how-to, but if you're just trying to learn something about apache, try running it on a different port than 80 or 8080. That way you won't show up in people's scans when they're scanning an IP range for those ports.


All times are GMT -5.