-   Slackware (
-   -   Script kiddies keep hitting my apache server (

user1442 10-26-2005 02:59 PM

Script kiddies keep hitting my apache server
Tons of stuff in my log. Googling has told me that I can fix this my doing a redirect. I think I can take of that.

My question is it ethical to try to connect to their systems if I don't break anything? Two particular ips show up again and again. Remember, I am new, and this is all in the spirit of experimentation. :)

If this is an inappropriate question for this forum, let me know.

Tinkster 10-26-2005 03:20 PM

Disallow those IPs in your /etc/hosts.deny
Quick and easy fix

I'm not sure I understand what you mean with a
redirect, and how you would get that to their machines?


Jeebizz 10-26-2005 03:38 PM

You could also report them to their own isp, just get the names of the ip from a whois, like , and make sure you supply a log with the information necessary, and then just email it to abuse@<offendersisp>.net/com

Fritz_Monroe 10-26-2005 04:02 PM

As much as I'd like to tell you to connect to their machine, it's probably illegal. Best to just report it to their ISP and let them cut them off.


user1442 10-26-2005 05:40 PM

Thanks for the comments. I'll report them. That makes sense.

Tinkster: I found a how-to (I forgot to bookmark it; I'll find it and post it) that detailed editing one of your apache config files to redirects certain requests. Like this:

[ip of offending punk]- - [24/Oct/2005:05:21:04 -0400] "SEARCH /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9 \xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\

I don't know if it works as I haven't tried it (and have been using apache for about a week)

And, Tinkster, my investigation of the things showing up in my log lead to research about security, and security tools. I am *sure* you know all this stuff, but if you want we can continue this in PM, because I don't want to clutter up your board with this crap.

EDIT: The link in question:

netcrawl 10-26-2005 06:01 PM

It's just an attempt to use a Windows exploit... I expect they're getting a "404" type response and nothing more. It's easier to just ignore them; it's water off a ducks back, sorta'. They'll probably give up, and even if they don't, there's no harm done.

Logrotate is your friend.

NeoNero 10-27-2005 10:42 AM

I've just installed an apache server on a spare pc to act as a low-grade web server just to learn new things. I'm a complete noob with linux and this thread has got me thinking... what if I'm hacked??

Can someone point me to a very step-by-step guide to ensuring apache security? I find the man pages quite intense sometimes.. though I do have a router as the first gateway in from the internet/world and it blocks all ports but 80.

Harkov 10-27-2005 01:02 PM

I don't know about a apache security how-to, but if you're just trying to learn something about apachetry running it on a different port than 80 or 8080. That way you won't show up people's scans when they're scanning an ip range for those ports

All times are GMT -5. The time now is 03:15 AM.