Tons of stuff in my log. Googling has told me that I can fix this my doing a redirect. I think I can take of that.

My question is it ethical to try to connect to their systems if I don't break anything? Two particular ips show up again and again. Remember, I am new, and this is all in the spirit of experimentation.


If this is an inappropriate question for this forum, let me know.

Disallow those IPs in your /etc/hosts.deny
Quick and easy fix

I'm not sure I understand what you mean with a
redirect, and how you would get that to their machines?




Cheers,
Tink

You could also report them to their own isp, just get the names of the ip from a whois, like www.arin.net/whois , and make sure you supply a log with the information necessary, and then just email it to abuse@<offendersisp>.net/com

As much as I'd like to tell you to connect to their machine, it's probably illegal. Best to just report it to their ISP and let them cut them off.

F_M

Thanks for the comments. I'll report them. That makes sense.

Tinkster: I found a how-to (I forgot to bookmark it; I'll find it and post it) that detailed editing one of your apache config files to redirects certain requests. Like this:

[ip of offending punk]- - [24/Oct/2005:05:21:04 -0400] "SEARCH /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9 \xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\

I don't know if it works as I haven't tried it (and have been using apache for about a week)

And, Tinkster, my investigation of the things showing up in my log lead to research about security, and security tools. I am *sure* you know all this stuff, but if you want we can continue this in PM, because I don't want to clutter up your board with this crap.

EDIT: The link in question: http://aplawrence.com/Blog/B1234.html

It's just an attempt to use a Windows exploit... I expect they're getting a "404" type response and nothing more. It's easier to just ignore them; it's water off a ducks back, sorta'. They'll probably give up, and even if they don't, there's no harm done.

Logrotate is your friend.

I've just installed an apache server on a spare pc to act as a low-grade web server just to learn new things. I'm a complete noob with linux and this thread has got me thinking... what if I'm hacked??

Can someone point me to a very step-by-step guide to ensuring apache security? I find the man pages quite intense sometimes.. though I do have a router as the first gateway in from the internet/world and it blocks all ports but 80.

I don't know about a apache security how-to, but if you're just trying to learn something about apachetry running it on a different port than 80 or 8080. That way you won't show up people's scans when they're scanning an ip range for those ports