Old 08-07-2007, 12:02 AM   #1
dianarani
to stop hacker's url through apache configuration


Hello everybody,
Is there anybody who can help me by providing information on prevention of hacking?
I would like to block an unwanted URL request to my Apache. I was advised to do that by Apache configuration. I am searching on that, as it is a serious issue I am facing. Could you people who may know come forward and support me to overcome this problem? Lots and lots of thanks if you are willing to help me.


 
Old 08-07-2007, 06:50 AM   #2
this213
Is the URL something that exists on your server? How serious an issue could it really be? If you don't want something to be requested, take it out of your DocumentRoot.

To your questions, there are probably 40 million different ways to deal with query strings. You're going to have to be more specific. Further, this might turn out to be something better handled by the --string switch to iptables.
 
Old 08-07-2007, 12:18 PM   #3
j-ray
You can prevent directories from being examined by the httpd.conf and .htaccess files. Apache comes with complex documentation...
 
Old 08-08-2007, 03:50 AM   #4
dianarani
Hello,
Thanks for your reply. Some URL is hitting my Apache continuously and making my Apache crash. I tried to block the IP but it is changing continuously. The error I got from my error log is:
File does not exist: /var/www/html/2.0/groove.i5.int/siyddif4ibcmrnwe722mc72kzuq286esrg72paa,ConnType=KeepAlive,ID=3es7f8m234d5pw2tvj6v243ajt2d39uqbgkxxv
notice:child pid 10466 exit signal Segmentation fault (11)

I am getting lots of errors of a similar type.
I thought to set mod_security. Configured that but don't know where to give the URL to be blocked. Please help.
 
Old 08-09-2007, 09:34 AM   #5
this213
What are you running this on? What versions of Apache and PHP are running?

If the string is the same every time, you can do something like
Code:
$(which iptables) -A INPUT -i eth0 -p tcp -s 0.0.0.0/0 -d my_external_ip --dport 80 \
 -m state --state NEW,ESTABLISHED,RELATED -m string --algo bm \
 --string "siyddif4ibcmrnwe722mc72kzuq286esrg72paa" -j DROP
This would be a better place to implement this than letting the packets all the way into the server.
 
Old 08-10-2007, 01:26 AM   #6
dianarani
Hello,
Thanks this213. We are using apache2 with prefork MPM. We are running a PHP-based application. There are so many child processes created due to fake dir access of an intruder. My error log says:
File does not exist: /var/www/html/2.0/groove.i5.int/siyddif4ibcmrnwe722mc72kzuq286esrg72paa,ConnType=KeepAlive,ID=3es7f8m234d5pw2tvj6v243ajt2d39uqbgkxxv
notice:child pid 10466 exit signal Segmentation fault (11)

I suspect that "ConnType=KeepAlive" only is creating the problem. I think it is not allowing my child process to end up and exit. Any more ideas on it?
Some document of Apache says "The child processes will not be alive forever. It could be specified in the configuration file that the child process could ends itself after handled more than a pre-configured number of connections". Where do I configure this?

One more clarification: I have heard that there is a segfault bug with the mod_usertrack module. Is it so? Does anybody know of this? I got this from this link ---> http://osdir.com/ml/debian.devel.apache/2004-01/msg00175.html
Please clear my doubt if you are aware of it.
Thanks for the hands which came forward to support me.
 
Old 08-10-2007, 10:03 AM   #7
this213
In your httpd.conf:
  • KeepAlive = On|Off # Determines whether to allow KeepAlive requests
  • MaxKeepAliveRequests = Some Number (0) # Number of KeepAlive requests to allow
  • MaxClients = Some Number (512) # Maximum number of clients to allow
  • MaxRequestsPerChild = Some Number (100000) # Max number of requests a child can make
You still haven't said what you're running this on.
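
The two things asked in this thread, where to set the child-recycling limit and where to give Apache the URL to refuse, as an added httpd.conf example that is not part of any post above. The directive names are stock Apache httpd, the numeric values are assumptions to tune, and the match pattern is built from the error_log line quoted in the thread.

```apache
# Added example, not from the thread. Values are assumptions to tune.
# httpd.conf syntax: "Directive value" with no "=" sign, and comments on
# their own line (a trailing "#" is read as part of the directive).

KeepAlive On
# Requests allowed on one persistent connection before it is closed.
MaxKeepAliveRequests 100
# Seconds a child waits for the next request on an idle connection.
KeepAliveTimeout 5

<IfModule prefork.c>
    # Upper bound on simultaneous child processes.
    # (Apache 2.4 name: MaxRequestWorkers.)
    MaxClients 150
    # A child exits after handling this many requests; 0 means never.
    # (Apache 2.4 name: MaxConnectionsPerChild.)
    MaxRequestsPerChild 1000
</IfModule>

# Refuse the request pattern from the quoted error_log line with 403.
# Place this inside the <VirtualHost> that serves the site: rewrite rules
# in the main server config are not inherited by virtual hosts by default.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # The logged path ends in ",ConnType=KeepAlive,ID=<token>"; matching
    # that suffix does not depend on the leading token staying the same.
    RewriteCond %{REQUEST_URI} ,ConnType=KeepAlive,ID=
    RewriteRule ^ - [F]
</IfModule>
```

Run `apachectl configtest` before reloading. A 403 from mod_rewrite still occupies a child for each connection, which is why the iptables rule in post #5 drops the traffic earlier.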
 
  

