You could use mod_rewrite/.htaccess to block these hosts. If you have
access, however, I'd suggest adding them to the DocumentRoot in your
httpd.conf. This is especially helpful if you are serving multiple sites
from a single server using vhosts. Adding them to the httpd.conf will allow
you to block access across the board to all sites that fall under the
DocumentRoot.
In httpd.conf, using the hosts from your log:
<Directory "/your/document/root">
Order allow,deny
Allow from all
Deny from fcmat.org
Deny from 204.184.43.252
</Directory>
Hope that helps.
Rich
On Fri, Jul 18, 2008 at 1:21 PM, Ali Nebi <[EMAIL PROTECTED]> wrote:
> Thanks for the reply.
>
> I use shorewall firewall. I will try to configure it to drop these hosts.
> Is there some way to deny these accesses with rewriterule?
>
> If yes how it should looks like?
>
>
> Quoting Rich Schumacher <[EMAIL PROTECTED]>:
>
> If you are seeing nothing but abuse from these hosts your best bet would
>> be
>> to block these at the router/firewall level. If you don't have access to
>> that, use iptables on the web server to silenty drop any connections from
>> them.
>>
>> On Fri, Jul 18, 2008 at 12:08 PM, Ali Nebi <[EMAIL PROTECTED]> wrote:
>>
>> Hi,
>>>
>>> i would like to ak how can i block these attempts?
>>>
>>> fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:30 -0500] "POST
>>> http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 302 313 "-" "-"
>>> fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:30 -0500] "GET
>>> http://www.microsoft.com/ HTTP/1.0" 302 304 "-" "Mozilla/4.0
>>> (compatible;
>>> MSIE 6.0; Windows NT 5
>>> .1; SV1; .NET CLR 1.1.4322)"
>>> fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:32 -0500] "CONNECT
>>> http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 319 "-" "-"
>>> 204.184.43.252 - - [18/Jul/2008:13:05:41 -0500] "GET
>>> http://www.microsoft.com/ HTTP/1.0" 302 304 "-" "Mozilla/4.0
>>> (compatible;
>>> MSIE 6.0; Windows NT 5.1; SV1;
>>> .NET CLR 1.1.4322)"
>>> 204.184.43.252 - - [18/Jul/2008:13:05:41 -0500] "POST
>>> http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 302 313 "-" "-"
>>> 204.184.43.252 - - [18/Jul/2008:13:05:43 -0500] "CONNECT
>>> http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 319 "-" "-"
>>>
>>>
>>> I don't use proxy and it is disabled, but i still get these connections
>>> in
>>> access_log. After this, this server is blacklisted from XBL and CBL list
>>> like spammer.
>>>
>>> Please help me to solve this problem. What can i do to block and to
>>> prevent
>>> this kind of accesses?
>>>
>>> Thanks in advanced!
>>>
>>> ----------------------------------------------------------------
>>> This message was sent using IMP, the Internet Messaging Program.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> " from the digest: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>>>
>>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
