Hi,
Karsten McMinn schrieb:
On 2/6/07, Xavier Mertens <[EMAIL PROTECTED]> wrote:
Hi *,
I've a problem with an Apache web server hit by f*cking spammers...
I would like to filter some URLs (unused but still used by the bots)
*BEFORE* they reach the httpd processes. What could be the
best method? pf? something else?
I used snort to filter before httpd to build simple IP address lists
to feed into a pf table. It was kinda clunky. Second time
around I'd just parse my httpd log files and do the same thing.
With apache configured right and a cron running every minute
you'll get by with minimal work needed. I'd imagine.
I tried the very same when a webserver of mine was hitted by some
botnet. Unluckily, cron can only ran every minute as the fastest
interval and within 1 minute I already had around 1000 connections from
different IP addresses.
Ergo: A one minute interval didn't help at all..
./Marian
