[CLUE-Tech] annoying attempts to compromise web server
mike havlicek
mhavlicek1 at yahoo.com
Tue Oct 19 12:11:42 MDT 2004
I am trying this iptables solution in cron. When I last paid my bill with Comcast they told me that they "invade" clients this way to make sure that they aren't "illegally" running services. IE anything but Internet Explorer and Outlook ... hehe

Jerk offs .... who should say how I utilize the bandwidth I pay for .... (Ok they can deny service to whomever they please ... but that is bad business)

-Mike
--- Charles Oriez <coriez at oriez.org> wrote:
> At 08:11 AM 10/13/2004, mike havlicek wrote:
>
> >Hello,
> >
> >A few days ago I opened up my cable/dsl router to
> >allow a simple web page to be served by apache on one
> >of my linux boxes. Over the last 2 days or so apache
> >has been logging (in access_log) attempts from a
> >particular IP trying to "run" things like:
> >
> >67.165.178.202 - - [13/Oct/2004:07:49:58 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 972 "-" "-"
> >
> >every 30 to 40 minutes.
> >
> >Any suggestions on how to deal with this sort of
> >thing?
> >
> >-Mike
>
>
> as root or su
>
> /sbin/iptables -A INPUT -s 67.165.178.202 -j DROP
>
>
> remember to run an iptables save command in your daily cron job
>
> Mine were coming from 24.162.235.170 and have not shown up since I entered
> that command.
>
>
>
> --
> coriez at oriez.org 39 34' 34.4"N / 105 00' 06.3"W
> "Drag God into politics, and you'll ruin his
> reputation in no time." -
> Molly Ivins
>
>
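Added example, not part of the original thread: the logged path `..%25%35%63..` is percent-encoded twice (`%25%35%63` decodes to `%5c`, which decodes again to `\`), so a log check has to decode repeatedly before looking for traversal. The sketch below does that over access_log lines and prints the same `iptables` rule quoted in the thread for repeat sources; the function names, the threshold and every sample line except the first are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample input. Line 1 is the request quoted in the thread; the
# rest are made up (192.0.2.x / 198.51.100.x are documentation addresses).
SAMPLE_LOG = """\
67.165.178.202 - - [13/Oct/2004:07:49:58 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 972 "-" "-"
67.165.178.202 - - [13/Oct/2004:08:24:11 -0600] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 972 "-" "-"
192.0.2.10 - - [13/Oct/2004:08:30:02 -0600] "GET /index.html HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Oct/2004:09:01:40 -0600] "GET /docs/100%25-free.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# client, method, request target, status from a common/combined log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# traversal sequence or the Windows shell named in the logged request
SUSPICIOUS = re.compile(r'\.\.[\\/]|cmd\.exe', re.I)

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly until the string stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def probing_sources(log_text):
    """Count suspicious requests per client address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and SUSPICIOUS.search(fully_decode(m.group(3))):
            hits[m.group(1)] += 1
    return hits

def drop_rules(hits, threshold=2):
    """Build DROP rules for sources seen at least `threshold` times."""
    rules = []
    for src, count in sorted(hits.items()):
        try:
            ipaddress.ip_address(src)  # skip hostnames or malformed fields
        except ValueError:
            continue
        if count >= threshold:
            rules.append(f"/sbin/iptables -A INPUT -s {src} -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(drop_rules(probing_sources(SAMPLE_LOG))))
```

The script only prints the rules; review them before applying any, since a shared or reassigned address can belong to legitimate visitors.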