[CLUE-Tech] annoying attempts to compromise web server

Charles Oriez coriez at oriez.org
Wed Oct 13 09:00:32 MDT 2004


At 08:11 AM 10/13/2004, mike havlicek wrote:

>Hello,
>
>A few days ago I opened up my cable/dsl router to
>allow a simple web page to be served by apache on one
>of my linux boxes. Over the last 2 days or so apache
>has been logging (in access_log) attempts from a
>particular IP trying to "run" things like:
>
>67.165.178.202 - - [13/Oct/2004:07:49:58 -0600] "GET
>/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
>HTTP/1.0" 404 972 "-" "-"
>
>every 30 to 40 minutes.
>
>Any suggestions on how to deal with this sort of
>thing?
>
>-Mike


As root or su:

/sbin/iptables -A INPUT -s 67.165.178.202 -j DROP


Remember to run an iptables save command in your daily cron job.

Mine were coming from 24.162.235.170 and have not shown up since I entered 
that command.



--
coriez at oriez.org 39° 34' 34.4"N / 105° 00' 06.3"W
"Drag God into politics, and you'll ruin his reputation in no time." - 
Molly Ivins
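
The request quoted in the question is percent-encoded twice (`%25%35%63` decodes to `%5c`, then to a backslash), so a plain search of access_log for `..\` or `../` misses it. An added example, not part of the original thread: a Python sketch that decodes each request path repeatedly and counts such probes per source address. The function names are assumptions, and every sample line except the first is constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache common/combined log: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) '
)
# What a Windows-targeted traversal probe looks like once fully decoded.
PROBE_RE = re.compile(r'\.\.[\\/]|cmd\.exe', re.IGNORECASE)

def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly, so %25%35%63 -> %5c -> backslash is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def find_probes(lines):
    """Return (probe count per source IP, list of (ip, status, decoded path))."""
    per_ip, hits = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access_log entry
        decoded = fully_decode(m.group("path"))
        if PROBE_RE.search(decoded):
            per_ip[m.group("ip")] += 1
            hits.append((m.group("ip"), int(m.group("status")), decoded))
    return per_ip, hits

# First line: the entry quoted in the post, unwrapped. The rest are constructed.
SAMPLE = [
    '67.165.178.202 - - [13/Oct/2004:07:49:58 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 972 "-" "-"',
    '192.0.2.10 - - [13/Oct/2004:08:01:12 -0600] "GET /my%20page.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"',
    '67.165.178.202 - - [13/Oct/2004:08:22:41 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 972 "-" "-"',
]

if __name__ == "__main__":
    counts, hits = find_probes(SAMPLE)
    for ip, n in counts.most_common():
        print(f"{ip}: {n} probe(s)")
    for ip, status, path in hits:
        print(f"  {ip} {status} {path}")
```

The status field is kept in each hit so that a probe answered with anything other than 404 stands out.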




