[KLUG Members] WTF is going on?

Adam Bultman members@kalamazoolinux.org
Sat, 8 Jun 2002 09:24:30 -0400 (EDT)


>
> If the traffic is all coming from the same IP, subnet, or small number
> of IP's, then BLOCK THEM.  Use ipchains/iptables to drop them, or add
> ACL's in your router to drop those addresses.
>
There are 1864 unique IP addresses (save 15 or so for the hosts I
connect from) that connected to the server at port 80 in the past 5
weeks.  That's a lot.  I can see, say, blackholing all port 80 requests,
but then how will I get my stats? I guess I could run apache on a
different port, but then, will they find that one?  If the newest
version of apache doesn't allow (assuming 1.3.9 did) passing of the URL
buck, so to speak, how do I stop these requests? Let them die down? I'm
afraid I don't think I can just let this incoming traffic continue, but
then I don't want to block anyone important.  I guess for the time being,
I'll leave apache off, and see if things die down (but how is the
question).

Do you think it's like, a worm that's hitting me?  Just telnetting in
(since you can't get to the web server via the passed URL anyway) asking
for the page? Most of the pages are ads, or webcam images.

Oh, well. Thanks for all the help, guys.
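
An added example, not part of the original post: one way to triage the situation described above is to split the access log into proxy-style requests (a full URL or CONNECT in the request line) and ordinary requests for local paths, per client IP. It assumes Apache's Common Log Format; the log lines, addresses and hostnames below are constructed.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "method target proto" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
ABSOLUTE_URL = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

def is_proxy_request(method, target):
    """A direct request names a local path ("/index.html"); a proxy-style
    request names a full URL or uses CONNECT host:port."""
    return method.upper() == "CONNECT" or bool(ABSOLUTE_URL.match(target))

def summarize(lines):
    """Count proxy-style requests per client and list clients that only
    ever asked for local paths (candidates to keep unblocked)."""
    proxy, answered_2xx, direct = Counter(), Counter(), set()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, target, status = m.groups()
        if is_proxy_request(method, target):
            proxy[ip] += 1
            # A 2xx here is a lead to verify, not proof of relaying: the
            # server may have answered from its own document root.
            if status.startswith("2"):
                answered_2xx[ip] += 1
        else:
            direct.add(ip)
    return {
        "proxy_requests": dict(proxy),
        "answered_2xx": dict(answered_2xx),
        "direct_only": direct - set(proxy),
    }

# Constructed sample log lines (documentation addresses and example domains).
SAMPLE = [
    '192.0.2.10 - - [08/Jun/2002:09:01:12 -0400] "GET http://ads.example.com/banner.gif HTTP/1.0" 200 4312',
    '192.0.2.10 - - [08/Jun/2002:09:01:13 -0400] "GET http://cam.example.net/live.jpg HTTP/1.0" 200 18201',
    '198.51.100.7 - - [08/Jun/2002:09:02:40 -0400] "CONNECT www.example.org:443 HTTP/1.0" 405 210',
    '203.0.113.5 - - [08/Jun/2002:09:03:02 -0400] "GET /stats/index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Jun/2002:09:04:00 -0400] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

The "direct_only" set is the group of clients that never sent a proxy-style request, which helps when deciding which addresses are safe to drop.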