Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 10-26-2005, 01:59 PM   #1
LQ Newbie
Registered: Oct 2005
Distribution: Slackware 10.2
Posts: 27

Rep: Reputation: 15
Script kiddies keep hitting my apache server

Tons of stuff in my log. Googling has told me that I can fix this my doing a redirect. I think I can take of that.

My question is it ethical to try to connect to their systems if I don't break anything? Two particular ips show up again and again. Remember, I am new, and this is all in the spirit of experimentation.

If this is an inappropriate question for this forum, let me know.
Old 10-26-2005, 02:20 PM   #2
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Disallow those IPs in your /etc/hosts.deny
Quick and easy fix

I'm not sure I understand what you mean with a
redirect, and how you would get that to their machines?

Old 10-26-2005, 02:38 PM   #3
Senior Member
Registered: May 2004
Distribution: Slackware 14.2 64-bit with multilib
Posts: 2,373

Rep: Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636Reputation: 636
You could also report them to their own isp, just get the names of the ip from a whois, like , and make sure you supply a log with the information necessary, and then just email it to abuse@<offendersisp>.net/com
Old 10-26-2005, 03:02 PM   #4
Registered: Nov 2004
Location: Maryland, USA
Distribution: Mint 13
Posts: 276

Rep: Reputation: 31
As much as I'd like to tell you to connect to their machine, it's probably illegal. Best to just report it to their ISP and let them cut them off.

Old 10-26-2005, 04:40 PM   #5
LQ Newbie
Registered: Oct 2005
Distribution: Slackware 10.2
Posts: 27

Original Poster
Rep: Reputation: 15
Thanks for the comments. I'll report them. That makes sense.

Tinkster: I found a how-to (I forgot to bookmark it; I'll find it and post it) that detailed editing one of your apache config files to redirects certain requests. Like this:

[ip of offending punk]- - [24/Oct/2005:05:21:04 -0400] "SEARCH /\x90\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9 \xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\xc9\

I don't know if it works as I haven't tried it (and have been using apache for about a week)

And, Tinkster, my investigation of the things showing up in my log lead to research about security, and security tools. I am *sure* you know all this stuff, but if you want we can continue this in PM, because I don't want to clutter up your board with this crap.

EDIT: The link in question:

Last edited by user1442; 10-26-2005 at 05:10 PM.
Old 10-26-2005, 05:01 PM   #6
Registered: Jan 2004
Location: British Columbia
Distribution: Slackware64 14.2, Smoothwall
Posts: 144

Rep: Reputation: Disabled
It's just an attempt to use a Windows exploit... I expect they're getting a "404" type response and nothing more. It's easier to just ignore them; it's water off a ducks back, sorta'. They'll probably give up, and even if they don't, there's no harm done.

Logrotate is your friend.
Old 10-27-2005, 09:42 AM   #7
LQ Newbie
Registered: Oct 2005
Location: London, UK
Distribution: Slackware 10.2
Posts: 23

Rep: Reputation: 15
I've just installed an apache server on a spare pc to act as a low-grade web server just to learn new things. I'm a complete noob with linux and this thread has got me thinking... what if I'm hacked??

Can someone point me to a very step-by-step guide to ensuring apache security? I find the man pages quite intense sometimes.. though I do have a router as the first gateway in from the internet/world and it blocks all ports but 80.
Old 10-27-2005, 12:02 PM   #8
Registered: May 2004
Distribution: Ubuntu 10.04.1 LTS
Posts: 38

Rep: Reputation: 15
I don't know about a apache security how-to, but if you're just trying to learn something about apachetry running it on a different port than 80 or 8080. That way you won't show up people's scans when they're scanning an ip range for those ports

Last edited by Harkov; 10-27-2005 at 12:03 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache Virtual Host only hitting first entry, but why? ridertech Linux - Networking 4 06-18-2004 02:23 PM
Windows XP Not Hitting My Network.. sxa General 17 05-31-2004 09:58 PM
Pty's -- Hitting Limit! zepplin611 AIX 2 03-09-2004 08:48 AM
executing script via webpage through apache server feetyouwell Linux - Software 7 02-08-2004 03:23 PM
iptables and firewalls and script kiddies, oh my! murray_linux Slackware 3 11-12-2003 06:26 PM > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 05:41 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration