Need some help on security
Laust S. Jespersen
freebsd-security at ust.dk
Sat Jan 10 16:01:52 PST 2004
Hi David,
> How about to use ipfw.ko?
What Taras is suggesting here is for you to use the loadable kernel
module version of ipfw.
For more information on loadable kernel modules, see "man kldload".
Something along the lines of:
"kldload ipfw && ipfw add 65334 allow ip from any to any"
The last part (ipfw and so on) should let you be able to keep your
connection to the server if you're not on via a local console.
Also "man ipfw" is a fantastic manpage.
With regard to the attacks on your webserver, there is the option of
firewalling it out (i.e. ipfw add 10000 deny ip from x.x.x.x to me)
or using Apache's built-in access.conf mechanism.
You could do something in your access.conf along the lines of:
<Location />
Order Allow,Deny
Allow from all
Deny from 211.233.89.189
</Location>
Personally I'd go with the firewalling, although sometimes it is
not practical if the websites in question are not your own.
Lastly, just to ease your mind, all the attacks in your original mail
are IIS attacks and as such should not work on your webserver :)
To illustrate from my own logfiles :)
me@my:/var/log>grep '[root|cmd].exe' httpd-error.log|wc -l
27938
Hope this helps.
Med venlig hilsen / Best Regards
Laust Jespersen
http://www.ust.dk
======================================================================
Viking Rule of Acquisition 1: Remember where you beached the long ship
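
Added example, not part of the original message: a shell sketch that tallies root.exe/cmd.exe probes per client from an Apache error log and prints (without running) deny rules in the ipfw form quoted in the message. The log lines are constructed in Apache 1.3 error_log format with documentation-range addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise IIS-style probes in an Apache error log and
# print (not run) matching ipfw deny rules for review.

# Constructed sample lines in Apache 1.3 error_log format; the addresses
# come from documentation ranges and the paths are assumptions.
sample_log() {
cat <<'EOF'
[Sat Jan 10 15:58:01 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/scripts/root.exe
[Sat Jan 10 15:58:02 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/MSADC/root.exe
[Sat Jan 10 15:58:03 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/c/winnt/system32/cmd.exe
[Sat Jan 10 16:00:10 2004] [error] [client 198.51.100.7] File does not exist: /usr/local/www/data/scripts/..%5c../winnt/system32/cmd.exe
[Sat Jan 10 16:00:30 2004] [error] [client 203.0.113.5] File does not exist: /usr/local/www/data/files/notepad.exe
[Sat Jan 10 16:01:00 2004] [error] [client 203.0.113.5] File does not exist: /usr/local/www/data/favicon.ico
EOF
}

# Keep only requests for root.exe or cmd.exe. With -E, (a|b) is alternation
# and \. is a literal dot; square brackets would form a character class.
probe_lines() {
    grep -E '/(root|cmd)\.exe' "$@"
}

# Print "count ip" per client, busiest first.
probe_sources() {
    probe_lines "$@" |
        sed -n 's/.*\[client \([0-9.]*\)].*/\1/p' |
        sort | uniq -c | sort -k1,1nr -k2 |
        awk '{ print $1, $2 }'
}

# Print one deny rule per client with at least $1 probes, numbering from $2.
deny_rules() {
    min=$1; rule=$2; shift 2
    probe_sources "$@" |
        awk -v min="$min" -v n="$rule" \
            '$1 >= min { printf "ipfw add %d deny ip from %s to me\n", n++, $2 }'
}

sample_log | deny_rules 2 10000
```

Each function reads a log file given as an argument or, with none, standard input; the printed rules are meant to be reviewed before being added to a ruleset.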