Re: blocking ips with iptables accessing invalid URL

You may wish to look into OSSEC; it will do integrity checking, rootkit detection, and event log correlation, has an excellent default rules base, and can accept just about any kind of logfile and decode it.


It will also do what you're looking for (OSSEC calls it active response). Setup time for a new install is about 5 minutes.


ESGLinux wrote:
Hi all,
I'm having a problem with an Apache web server.

I get a lot of accesses of this kind:

x.x.x.x - - [08/Jul/2009:09:42:20 +0200] "GET
HTTP/1.1" 404 1015 "-" "Mozilla/5.0"

where x.x.x.x is the IP of the client. I suppose this IP is trying to find a
security hole in my system, so what I do manually is this:

iptables -A INPUT -s x.x.x.x -p tcp -m tcp --dport 80 -j DROP

I want to do this automatically. I'm thinking of using logwatch but I'm not
sure how to do it. (I'm testing but for the moment I haven't found the

Does anybody know another way to do what I want?

By the way, I'm interested in limiting the connections to my webserver using
iptables with the limit module and burst argument. What do you think about it?
Is it a good solution or am I going the wrong way? Do you know how to prevent DOS

Thanks in advance
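
A minimal version of the automation asked about in this thread, as an added example that is not part of the original messages and is not how OSSEC's active response is implemented: it counts 404 responses per client in an Apache access log and prints, without applying, the iptables rule from the post for each client over a threshold. The function names, the threshold, the optional allowlisted address and the sample log lines (documentation addresses) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list clients with many 404s and print the iptables rules
# that would block them. Rules are printed only; nothing is applied.

# Constructed sample in Apache combined log format (documentation addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [08/Jul/2009:09:42:20 +0200] "GET /no-such-page-1 HTTP/1.1" 404 1015 "-" "Mozilla/5.0"
192.0.2.10 - - [08/Jul/2009:09:42:21 +0200] "GET /no-such-page-2 HTTP/1.1" 404 1015 "-" "Mozilla/5.0"
192.0.2.10 - - [08/Jul/2009:09:42:22 +0200] "GET HTTP/1.1" 404 1015 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jul/2009:09:43:00 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jul/2009:09:43:05 +0200] "GET /favicon.ico HTTP/1.1" 404 1015 "-" "Mozilla/5.0"
203.0.113.5 - - [08/Jul/2009:09:44:00 +0200] "GET /a\"b HTTP/1.1" 404 1015 "-" "Mozilla/5.0"
EOF
}

# offenders THRESHOLD [ALLOWED_IP]: read an access log on stdin and print each
# IPv4 client with at least THRESHOLD 404 responses, one per line, sorted.
offenders() {
  awk -F'"' -v min="$1" -v allow="${2:-}" '
    { gsub(/\\"/, "") }   # drop escaped quotes so the request stays one field
    {
      # Split on quotes, not spaces: a malformed request such as "GET HTTP/1.1"
      # would otherwise shift the status code into the wrong column.
      split($1, pre, " ");  ip = pre[1]
      split($3, post, " "); status = post[1]
      if (status == "404" && ip != allow &&
          ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min + 0) print ip }
  ' | sort
}

# block_rules: turn IPs on stdin into the rule from the post, as text.
block_rules() {
  while read -r ip; do
    echo "iptables -A INPUT -s $ip -p tcp -m tcp --dport 80 -j DROP"
  done
}

sample_log | offenders 3 | block_rules
```

Set the threshold high enough that ordinary broken links and missing favicons do not count, and review the printed rules before applying them. Note that `-A` appends to the end of the INPUT chain, so an earlier rule accepting port 80 would match first.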


