08-07-2007, 12:02 AM
|
#1
|
Member
Registered: May 2007
Posts: 63
Rep:
|
to stop hacker's url through apache configuration
Hello everybody,
Is there anybody who can help me by providing information on prevention of hacking?
I would like to block an unwanted URL request to my Apache. I was advised to do that through the Apache configuration. I am searching on that, as it is a serious issue I am facing. Could you people who may know come forward and support me to overcome this problem? Lots and lots of thanks if you are willing to help me.
|
|
|
08-07-2007, 06:50 AM
|
#2
|
Member
Registered: Dec 2001
Location: ./
Distribution: Fedora, CentOS, RHEL, Gentoo
Posts: 167
Rep:
|
Is the URL something that exists on your server? How serious an issue could it really be? If you don't want something to be requested, take it out of your DocumentRoot.
To your questions, there are probably 40 million different ways to deal with query strings. You're going to have to be more specific. Further, this might turn out to be something better handled by the --string switch to iptables.
|
|
|
08-07-2007, 12:18 PM
|
#3
|
Senior Member
Registered: Jan 2002
Location: germany
Distribution: ubuntu, mint, suse
Posts: 1,591
Rep:
|
You can prevent directories from being examined by the httpd.conf and .htaccess files. Apache comes with complex documentation...
|
|
|
08-08-2007, 03:50 AM
|
#4
|
Member
Registered: May 2007
Posts: 63
Original Poster
Rep:
|
Hello,
Thanks for your reply. Some URL is hitting my Apache continuously and making it crash. I tried to block the IP but it is changing continuously. The error I got from my error log is:
File does not exist: /var/www/html/2.0/groove.i5.int/siyddif4ibcmrnwe722mc72kzuq286esrg72paa,ConnType=KeepAlive,ID=3es7f8m234d5pw2tvj6v243ajt2d39uqbgkxxv
notice:child pid 10466 exit signal Segmentation fault (11)
I am getting lots of errors of a similar type.
I thought to set mod_security. Configured that but don't know where to give the URL to be blocked. Please help.
|
|
|
08-09-2007, 09:34 AM
|
#5
|
Member
Registered: Dec 2001
Location: ./
Distribution: Fedora, CentOS, RHEL, Gentoo
Posts: 167
Rep:
|
What are you running this on? What versions of Apache and PHP are running?
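If the string is the same every time, you can do something like
Code:
# Drop packets to port 80 whose payload contains the string from the error log
# (--algo bm selects Boyer-Moore matching); my_external_ip is the server's public address.
$(which iptables) -A INPUT -i eth0 -p tcp -s 0.0.0.0/0 -d my_external_ip --dport 80 \
-m state --state NEW,ESTABLISHED,RELATED -m string --algo bm \
--string "siyddif4ibcmrnwe722mc72kzuq286esrg72paa" -j DROP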
This would be a better place to implement this than letting the packets all the way into the server.
|
|
|
08-10-2007, 01:26 AM
|
#6
|
Member
Registered: May 2007
Posts: 63
Original Poster
Rep:
|
Hello,
Thanks this213. We are using apache2 with the prefork MPM. We are running a PHP-based application. There are so many child processes created due to fake dir access by an intruder. My error log says:
File does not exist: /var/www/html/2.0/groove.i5.int/siyddif4ibcmrnwe722mc72kzuq286esrg72paa,ConnType=KeepAlive,ID=3es7f8m234d5pw2tvj6v243ajt2d39uqbgkxxv
notice:child pid 10466 exit signal Segmentation fault (11)
I suspect that "ConnType=KeepAlive" is what is creating the problem. I think it is not allowing my child process to finish and exit. Any more ideas on it?
Some Apache document says "The child processes will not be alive forever. It could be specified in the configuration file that the child process could ends itself after handled more than a pre-configured number of connections". Where do I configure this?
One more clarification: I have heard that there is a segfault bug with the mod_usertrack module. Is it so? Does anyone know of this? I got this from this link: http://osdir.com/ml/debian.devel.apache/2004-01/msg00175.html
Please clear my doubt if you are aware of it.
Thanks for the hands which came forward to support me.
|
|
|
08-10-2007, 10:03 AM
|
#7
|
Member
Registered: Dec 2001
Location: ./
Distribution: Fedora, CentOS, RHEL, Gentoo
Posts: 167
Rep:
|
In your httpd.conf:
- KeepAlive = On|Off # Determines whether to allow KeepAlive requests
- MaxKeepAliveRequests = Some Number (0) # Number of KeepAlive requests to allow
- MaxClients = Some Number (512) # Maximum number of clients to allow
- MaxRequestsPerChild = Some Number (100000) # Max number of requests a child can make
You still haven't said what you're running this on.
|
|
|
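Added example, not part of any post in this thread: the directives from the last reply written in actual httpd.conf syntax (Apache directives take no "="), followed by two ways to refuse the request path from the error log inside Apache, which is what the original poster asked for. The numeric values, the rule id 100001 and the placement inside the affected VirtualHost are assumptions; the second rule only takes effect if ModSecurity 2.x is loaded.

```apache
# --- Connection reuse and child-process lifetime (prefork MPM) ---
# Values below are illustrative assumptions, not tuned for any site.

# Allow persistent connections, but bound them so one client cannot
# hold a child process indefinitely.
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5

# Upper bound on simultaneously served clients (one child each under prefork).
MaxClients 150

# A child exits and is replaced after serving this many requests;
# 0 would mean "never recycle".
MaxRequestsPerChild 4000

# --- Refuse the request path seen in the error log ---
# Place these inside the <VirtualHost> that receives the requests:
# mod_rewrite settings in the main server are not inherited by virtual hosts
# by default.

# Option 1: mod_rewrite. Any URL path containing the string gets 403 Forbidden.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule siyddif4ibcmrnwe722mc72kzuq286esrg72paa - [F]
</IfModule>

# Option 2: ModSecurity 2.x. The pattern is a regular expression matched
# against the request URI; phase 1 runs before the request body is read.
# The id is an arbitrary number chosen for this example.
<IfModule security2_module>
    SecRuleEngine On
    SecRule REQUEST_URI "siyddif4ibcmrnwe722mc72kzuq286esrg72paa" \
        "id:100001,phase:1,deny,status:403,log,msg:'Request path from error log'"
</IfModule>
```

Check the result with `apachectl configtest` before reloading. Both rules match only this exact string, so a request that varies it will pass through, and neither rule explains the segmentation fault reported in the log.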
All times are GMT -5. The time now is 06:12 AM.