On Fri, 20 Sep 2002 21:43:48 -0700 (PDT) Ibly Piblo <[EMAIL PROTECTED]> wrote:
> How do you block Nimda attacks from your logs? > > Really, now, there must be a way, > I have tried script after script, > I am still getting attacked by this IP: > > 65.192.141.115 Use iptables. iptables -A INPUT -s 65.192.141.115 -j DROP <snip> > Isnt there something easier, a script I can > just download and install? I use one that was posted on this list a while ago. > I'm going to aggressively fight back, > if there is a script that I can put in my > /bin directory that will scan my /var/tmp/blocked > file and instead of just ipchain-ing them out, > (INEFFECTIVE!) it will shut them down, > it is the only way. I believe Civileme posted a link to a page on PLF that contained such a script. Check the archives. It is annoying. I've been hit by 81 infected computers in a little over 2 weeks. If you drop them, they should not be showing up in your http logs. iptables gets flushed everytime you restart--could that be it? I run this if I have to restart: #!/bin/bash for idiot in `cat /var/tmp/blocked` do iptables -A INPUT -s $idiot -j DROP done exit HTH, Todd -- Todd Slater Not currently listening to tunes My grandmother wanted me to have an education, so she kept me out of school. (Margaret Mead)
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com