FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 10-06-2008, 04:23 PM
"H.S."
 
Default how to block 'rogue' attemps from China

Hello,

On my Debian server I run at home, I notice that there are numerous
attempts at trying to access some php pages or trying use my server as a
proxy. Some examples:

221.192.199.36 - - [06/Oct/2008:11:52:52 -0400] "GET
http://scifi.pages.at/myproxies/azenv.php HTTP/1.1" 404 367 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

[Mon Oct 06 07:59:19 2008] [error] [client 222.187.221.113] script
'/home/tmpuser/koha/opac/htdocs/prx1.php' not found or unable to stat


.. and so on (the last one is a log of Koha, the library management
system).


Recently I ran a little bash script to check the country that these ip
addresses belonged and discovered they are all, *all*, so far from
China. Here are some of the ip addresses:
119.5.1.129
220.170.112.139
58.17.171.149
221.5.128.66
123.134.66.34
123.145.160.70
123.145.163.184
58.17.144.28


Though I keep the machine updated and I am not running a proxy, still I
would want to block the rogue ip addresses, or even better, the block of
rogue IP address. If push comes to shove, blocking whole of China may
also be considered (it might save the number of iptables rules I would
need).

Any tools to do this in Debian? What do others do in this kind of a
situation? I know, I can just leave it be since they are getting 404'ed,
but to be extra safe (prevent a zero day attack?), blocking them might
be a good idea.

Regards.




--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 09:34 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org