On Fri, 05 Dec 2003 16:28:06 -0800, Vineet Kumar wrote:

> * Paul Morgan ([EMAIL PROTECTED]) [031205 14:24]:
>> On Thu, 04 Dec 2003 18:05:15 -0800, Vineet Kumar wrote:
>>
>> > * Paul Morgan ([EMAIL PROTECTED]) [031204 12:32]:
>> >> I have all services locked down to localhost; my only connections to
>> >> the outside world are mail, news via nntpcached, web via squid... I run
>> >> Apache but it too is locked down to localhost. My mail is run through my
>> >
>> > this ...
>> >
>> >> ISP's (earthlink's) virus and spam filters before I get it (otherwise I'd
>> >> be getting like 10 Svens per day). I do see, from time to time, Apache
>> >> refusing connection attempts which are generally attacks by Windoze worms.
>> >
>> > ... and this do not add up. Methinks your apache is not "locked down to
>> > localhost."
>> >
>>
>> 150.140.128.174 - - [03/Dec/2003:08:52:40 -0500] "GET
>> /.hash=0df2df7b5aeac6aabb9ad2e00c0d150f831fffff HTTP/1.1" 403 322 "-" "-"
>>
>> [Wed Dec 3 08:52:40 2003] [error] [client 150.140.128.174] client denied by server
>> configuration: /var/www/.hash=0df2df7b5aeac6aabb9ad2e00c0d150f831fffff
>
> That's fine. I just wouldn't consider it "locked down to localhost" if
> it's listening on any external interface. I'd use the Listen directive
> to have it bind to only 127.0.0.1:80 (and additionally use iptables to
> block incoming access). Relying on the server's configuration alone to
> reject incoming connections is subject to break if the server is broken.
> If it only ever bound to 127.0.0.1, any attempts to connect to an
> external address will get RST from TCP before apache ever knows anything
> about it.
>
> good times,
> Vineet
> --

I appreciate the advice, but I've left it like that out of a somewhat
perverse interest in seeing what shows up. I have had some success in
getting a couple of people booted off their ISPs. Nice to do a tiny bit
of fighting back :)

--
....................paul

"The number of UNIX installations has grown to 10, with more expected."
(The UNIX Programmer's Manual, 2nd Edition, June 1972)
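
Added example, not part of the thread: a small Python check for the distinction drawn in the quoted reply, that Apache is only "locked down to localhost" when every Listen directive binds to a loopback address, regardless of what the access rules deny. The config text and the function names are constructed for illustration, and the script does not follow Include directives.

```python
import ipaddress
import re

# Constructed sample config (not from the thread): a wildcard bind, two
# loopback binds, one external-address bind and one commented-out line.
SAMPLE_CONF = """\
# httpd.conf (constructed sample)
Listen 80
Listen 127.0.0.1:8080
Listen [::1]:8081
  listen 192.0.2.10:443 https
#Listen 0.0.0.0:8000
"""

# Directive names are case-insensitive; lines starting with '#' never match.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)

def parse_listen(arg):
    """Split a Listen argument into (address or None, port)."""
    if arg.startswith("["):                 # [v6addr]:port
        host, _, port = arg[1:].partition("]:")
        return host, int(port)
    if ":" in arg:                          # v4addr:port
        host, _, port = arg.rpartition(":")
        return host, int(port)
    return None, int(arg)                   # bare port = every interface

def is_loopback_only(host):
    """True only when the bind address is a literal loopback address."""
    if host is None:
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                        # '*' or a hostname: treat as exposed

def exposed_listeners(conf_text):
    """Return (line_no, host, port) for every Listen not bound to loopback."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = LISTEN_RE.match(line)
        if m:
            host, port = parse_listen(m.group(1))
            if not is_loopback_only(host):
                findings.append((n, host or "*", port))
    return findings

if __name__ == "__main__":
    for n, host, port in exposed_listeners(SAMPLE_CONF):
        print(f"line {n}: Listen {host}:{port} accepts non-loopback connections")
```

A listener flagged here still completes the TCP handshake with remote clients and hands the request to the server, which is how the 403 entries in the quoted logs came to exist.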