On Fri, 20 Sep 2002 21:43:48 -0700 (PDT)
Ibly Piblo <[EMAIL PROTECTED]> wrote:

> How do you block Nimda attacks from your logs?
> 
> Really, now, there must be a way, 
> I have tried script after script,
> I am still getting attacked by this IP:
> 
> 65.192.141.115

Use iptables.

iptables -A INPUT -s 65.192.141.115 -j DROP

<snip>
> Isn't there something easier, a script I can
> just download and install?

I use one that was posted on this list a while ago.
 
> I'm going to aggressively fight back,
> if there is a script that I can put in my
> /bin directory that will scan my /var/tmp/blocked
> file and instead of just ipchain-ing them out,
> (INEFFECTIVE!) it will shut them down, 
> it is the only way.

I believe Civileme posted a link to a page on PLF that contained such a
script. Check the archives. It is annoying. I've been hit by 81 infected
computers in a little over 2 weeks.

If you drop them, they should not be showing up in your http logs.
iptables gets flushed every time you restart--could that be it? I run this
if I have to restart:

#!/bin/bash
# Re-add a DROP rule for each address listed in /var/tmp/blocked.
for idiot in $(cat /var/tmp/blocked)
do
        iptables -A INPUT -s "$idiot" -j DROP
done
exit

HTH,
Todd

-- 
Todd Slater
Not currently listening to tunes
My grandmother wanted me to have an education, so she kept me out of
school. (Margaret Mead)
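
Added example, not part of the message above or of the script posted to the list: a reload script for the same /var/tmp/blocked file that validates each entry and rebuilds a dedicated chain, so running it after every restart never stacks duplicate rules. The chain name BLOCKED, the "#" comment syntax in the file and the --apply switch are assumptions of this example.

```sh
#!/bin/sh
# Added example: rebuild a dedicated DROP chain from a blocklist file.
BLOCKLIST=${BLOCKLIST:-/var/tmp/blocked}   # file named in the message above
CHAIN=${CHAIN:-BLOCKED}                    # assumption: any unused chain name

# Succeed only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the unique valid addresses in file $1, one per line.
# Blank lines and "#" comments are ignored; bad entries go to stderr.
clean_blocklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        [ -n "$line" ] || continue
        if valid_ipv4 "$line"; then
            printf '%s\n' "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done < "$1" | LC_ALL=C sort -u
}

# Flush and refill the chain so repeated runs never stack duplicate rules.
apply_blocklist() {
    iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"
    iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -I INPUT -j "$CHAIN"
    clean_blocklist "$BLOCKLIST" | while IFS= read -r ip; do
        iptables -A "$CHAIN" -s "$ip" -j DROP
    done
}

# Touch the firewall only when asked to: run as root with --apply.
if [ "${1:-}" = "--apply" ]; then apply_blocklist; fi
```

Without --apply the script changes nothing, so clean_blocklist can be run on its own to see which lines of the file would be rejected.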
