Date: Sun, 11 Jan 2004 01:01:56 +0100
From: "Laust S. Jespersen" <freebsd-security@ust.dk>
To: <freebsd-security@freebsd.org>
Subject: RE: Need some help on security
Message-ID: <JHECJKBMFANPGFFEKHMIOEEHECAA.freebsd-security@ust.dk>
In-Reply-To: <20040111004328.A50107-100000@doppelganger.el.ntu-kpi.kiev.ua>

Hi David,

> How about to use ipfw.ko?

What Taras is suggesting here, is for you to use the loadable kernel module
version of ipfw. For more information on loadable kernel modules see
"man kldload"

Something along the lines of:
"kldload ipfw && ipfw add 65334 allow ip from any to any"

The last part (ipfw and so on) should let you be able to keep your connection
to the server if you're not on via a local console.
Also "man ipfw" is a fantastic manpage.

With regards the attacks on your webserver, there is the option of
firewalling it out (ie. ipfw add 10000 deny ip from x.x.x.x to me) or using
apache's built-in access.conf mechanism.
You could do something in your access.conf along the lines of:

<Location />
    Order Allow,Deny
    Allow from all
    Deny from 211.233.89.189
</Location>

Personally I'd go with the firewalling, although sometimes it is not
practical if the websites in question are not your own.

Lastly, just to ease your mind, all the attacks in your original mail are IIS
attacks and as such should not work on your webserver :)
To illustrate from my own logfiles :)

me@my:/var/log>grep '[root|cmd].exe' httpd-error.log|wc -l
   27938

Hope this helps.

Med venlig hilsen / Best Regards
Laust Jespersen
http://www.ust.dk
======================================================================
Viking Rule of Acquisition 1:
Remember where you beached the long ship
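
Added example (not part of the original message): a small sh script that counts root.exe/cmd.exe probes per client in an Apache error log and prints ipfw deny rules in the form suggested above. The log lines are constructed, and the Apache 1.3 "[client a.b.c.d]" layout, the function names and the threshold are assumptions; the rules are only printed, never run.

```shell
#!/bin/sh
# Constructed sample lines in Apache 1.3 error-log layout (assumed format,
# documentation-range addresses; not taken from the original mail).
sample_log() {
cat <<'EOF'
[Sun Jan 11 00:10:01 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/scripts/root.exe
[Sun Jan 11 00:10:02 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/MSADC/root.exe
[Sun Jan 11 00:10:03 2004] [error] [client 192.0.2.10] File does not exist: /usr/local/www/data/c/winnt/system32/cmd.exe
[Sun Jan 11 00:11:40 2004] [error] [client 198.51.100.7] File does not exist: /usr/local/www/data/scripts/cmd.exe
[Sun Jan 11 00:12:05 2004] [error] [client 203.0.113.5] File does not exist: /usr/local/www/data/favicon.ico
[Sun Jan 11 00:12:09 2004] [error] [client 203.0.113.5] File does not exist: /usr/local/www/data/docs/cmd-exe-notes.html
EOF
}

# probe_sources MIN: read an error log on stdin and print "count ip" for each
# client that requested root.exe or cmd.exe at least MIN times.
# (root|cmd)\.exe is an alternation with a literal dot, so only those two
# file names match.
probe_sources() {
    grep -E '(root|cmd)\.exe' |
    sed -n 's/.*\[client \([0-9.]*\)\].*/\1/p' |
    sort | uniq -c |
    awk -v min="$1" '$1 >= min { print $1, $2 }'
}

# deny_rules MIN: turn those clients into ipfw commands for review.
# Rule number 10000 is the one used in the mail; it is evaluated before
# the catch-all "allow" at 65334.
deny_rules() {
    probe_sources "$1" |
    awk '{ printf "ipfw add 10000 deny ip from %s to me\n", $2 }'
}

# Stand-alone run against the constructed sample.
sample_log | deny_rules 2
```

To use it on a real log, replace "sample_log |" with a redirect from httpd-error.log and review the printed rules before applying any of them.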