[CLUE-Tech] root kit checker
Mike Staver
staver at fimble.com
Fri May 7 12:42:33 MDT 2004
Yeah, this is frustrating - I DID deny them that directory using
httpd.conf, but it kept on happening. I was completely baffled by this.
Per my earlier email, I denied them using both the IP I had and by the
DNS name that you get by looking up the IP. It still didn't stop them.
They eventually stopped on their own, that's why I was not
understanding how they were able to get around my firewall and
httpd.conf settings. Is it possible for the actual location of traffic
to be different from what my logs and everything else actually show?
Jed S. Baer wrote:
> On Thu, 06 May 2004 23:34:44 -0600
> Mike Staver <staver at fimble.com> wrote:
>
>
>>Ah - I made an assumption that all apps would look to hosts.deny - I
>>didn't realize that only xinetd apps did, my bad.
>
>
> You can also deny access using your httpd.conf file.
>
> http://httpd.apache.org/docs/mod/mod_access.html#deny
>
> <Directory /path/to/doc/root/or/phpbb>
> Order allow,deny
> Deny from evil.microsoft.com
> Allow from all
> </Directory>
>
> Allow|Deny also work in .htaccess files.
>
> Or, you could use mod_rewrite to send them elsewhere, like back to
> themselves.
>
> Neither of the above would be as effective at reducing your bandwidth
> usage as iptables, though.
>
> jed
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com
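
Added example, not part of the original thread: a small Python model of how mod_access combines Order, Allow and Deny, showing which combinations actually refuse a client named in a Deny line. The addresses are constructed documentation-range values and `access_allowed` is a hypothetical helper; hostname matching is left out so it runs offline.

```python
import ipaddress

BLOCKED = "192.0.2.10"    # constructed address standing in for the unwanted client
OTHER = "198.51.100.7"    # constructed address for an ordinary visitor

def matches(spec, client_ip):
    """True if a 'from' argument ('all', an IP, or a CIDR block) covers the client."""
    if spec.lower() == "all":
        return True
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)

def access_allowed(order, allow, deny, client_ip):
    """Model mod_access for one client.

    order is "deny,allow" or "allow,deny"; allow and deny are lists of
    'from' arguments taken from the Allow and Deny lines of one block.
    """
    allowed = any(matches(s, client_ip) for s in allow)
    denied = any(matches(s, client_ip) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Default is allow. Allow is evaluated last, so it overrides Deny.
        return allowed or not denied
    if order == "allow,deny":
        # Default is deny. Deny is evaluated last, so it overrides Allow.
        return allowed and not denied
    raise ValueError("unsupported Order value: %r" % order)

def demo():
    """Return {description: (blocked client admitted?, other client admitted?)}."""
    configs = {
        "Order deny,allow / Deny from X / Allow from all": ("deny,allow", ["all"], [BLOCKED]),
        "Order allow,deny / Allow from all / Deny from X": ("allow,deny", ["all"], [BLOCKED]),
        "Order deny,allow / Deny from X (no Allow line)": ("deny,allow", [], [BLOCKED]),
    }
    return {
        name: (access_allowed(o, a, d, BLOCKED), access_allowed(o, a, d, OTHER))
        for name, (o, a, d) in configs.items()
    }

if __name__ == "__main__":
    for name, (blocked_in, other_in) in demo().items():
        print("%-50s X admitted: %-5s others admitted: %s" % (name, blocked_in, other_in))
```

With `Order deny,allow`, an `Allow from all` line re-admits every client that a Deny line matched, so only the second and third combinations keep the listed client out.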