Ali Nebi wrote:
Thanks for the reply.
I use shorewall firewall. I will try to configure it to drop these hosts.
Off topic now (nd assuming this is a non commercial web service)
Add the ip addresses to /etc/shorewall/blacklists and ensure
blacklists is added to the correct line in the /ec/shorewall/interfaces
file.
i.e.
fox ~ # grep blacklist /etc/shorewall/interfaces
# blacklist - Check packets arriving on this
interface
# against the /etc/shorewall/blacklist
net eth1 - blacklist
net ppp0 - blacklist
fox ~ #
and
fox ~ # tail -5 /etc/shorewall/blacklist
24.64.108.109/32
24.64.187.143/32
#ADDRESS/SUBNET PROTOCOL PORT
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
Is there some way to deny these accesses with rewriterule?
If yes how it should looks like?
If I wanted to try and feed the infected machine something that
may trigger it I would consider an errordocument handler
but anything beyond a standard error may cause the infected machine
to conside your system as 'open'.
Instead, have the errordoc handler write the IP address to a log
and feed this (carefully) into your blacklist file.
Jacqui
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]