Apache vulnerability?

Alex mysqlstudent at gmail.com
Wed Nov 2 00:07:49 UTC 2011


Hi,

>> Yes, I've implemented iptables to drop the attempts. I was really just
>> curious if it was a specific attack with a known pattern so I could
>> investigate further. fail2ban is great for things like this.
>>
> Do you have an example of the iptables entry which does the block?

Yes, quite easy. Just doing it manually for now:

# Create the LOGDROP chain
iptables -N LOGDROP
iptables -F LOGDROP
iptables -A LOGDROP -j LOG --log-prefix "LOGDROP "
iptables -A LOGDROP -j DROP

iptables -j LOGDROP -I INPUT -s <offending_ip> -d <my_ip> -p tcp --dport 80

This will log each attempt to syslog, or just replace the LOGDROP in
the last rule with DROP to avoid the logging.

Best regards,
Alex


More information about the users mailing list