From owner-freebsd-questions@FreeBSD.ORG Sat Mar 5 02:07:34 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4B89A106564A for ; Sat, 5 Mar 2011 02:07:34 +0000 (UTC) (envelope-from jbiquez@intranet.com.mx) Received: from intranet.com.mx (intranet.com.mx [200.33.246.7]) by mx1.freebsd.org (Postfix) with ESMTP id F0FE28FC16 for ; Sat, 5 Mar 2011 02:07:33 +0000 (UTC) Received: from PC2.intranet.com.mx (189.241.44.64) by intranet.com.mx with ESMTP (EIMS X 3.3.9) for ; Fri, 4 Mar 2011 20:08:10 -0600 X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Fri, 04 Mar 2011 20:07:27 -0600 To: freebsd-questions@freebsd.org From: Jorge Biquez In-Reply-To: References: <3382016411-764985335@intranet.com.mx> <11805_1299196962_4D702C22_11805_70_1_D9B37353831173459FDAA836D3B43499BD354A48@WADPMBXV0.waddell.com> Mime-Version: 1.0 Message-ID: <3382135692-764986037@intranet.com.mx> Content-Type: text/plain; charset="us-ascii"; format=flowed X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: Simplest way to deny access to a class C X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Mar 2011 02:07:34 -0000 > >I wonder why nobodies mentioned a quite simple method with tcpwrappers and >hosts.allow / hosts.deny also Hello. I guess something simple could work.... For some reason, don ask me why becasue I did not find why, the: Order Deny, Allow Deny IP Allow all under httpd.conf and outsite as .htaccess does not work but for now teh thing is simple, to block a class C, those guys are stupiod and programmed bad an application (I guess) and are pointing to one of my domains... since 4 weeks ago I am receiving this kind of access: 189.254.19.93 - - [04/Mar/2011:19:43:48 -0600] "OPTIONS / HTTP/1.1" 200 - "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:43:48 -0600] "PROPFIND /Backup-usuarios HTTP/1.1" 301 323 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:43:48 -0600] "PROPFIND /Backup-usuarios/ HTTP/1.1" 200 40833 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:44:13 -0600] "OPTIONS / HTTP/1.1" 200 - "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:44:13 -0600] "PROPFIND /Backup-usuarios HTTP/1.1" 301 323 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:44:13 -0600] "PROPFIND /Backup-usuarios/ HTTP/1.1" 200 40833 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:44:19 -0600] "OPTIONS / HTTP/1.1" 200 - "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:44:19 -0600] "PROPFIND /Backup-usuarios HTTP/1.1" 301 323 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:44:19 -0600] "PROPFIND /Backup-usuarios/ HTTP/1.1" 200 40833 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:44:34 -0600] "OPTIONS / HTTP/1.1" 200 - "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:44:34 -0600] "PROPFIND /Backup-usuarios HTTP/1.1" 301 323 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:44:34 -0600] "PROPFIND /Backup-usuarios/ HTTP/1.1" 200 40833 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:45:06 -0600] "OPTIONS / HTTP/1.1" 200 - "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:45:06 -0600] "PROPFIND /Backup-usuarios HTTP/1.1" 301 323 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" 189.254.19.93 - - [04/Mar/2011:19:45:06 -0600] "PROPFIND /Backup-usuarios/ HTTP/1.1" 200 40833 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600" They change IP's , from the same Class C. No trying to do anything else, hack or send email.... So I decided to block the Class C. I guess that with the deny, allow directives under Apache would be enough but they do not work. I am under Apache 1.3x and all works fine but that directives do not. I tried , read and not be able to make them work so that's why I decided to block them and block others, those yes are trying to hack, the simplest way..... anyway.... I will see if the: >hosts.allow / hosts.deny would help. If needed I would upgrade to latest version of FreeBSD Apache or whatever needed. Even when they do not do anything my server, a 386 that has been running Freebsd the last 13 years since Freebsd 3.x is supporting this extra load and besides they are wasting my bandwidth. I can not do anything and no problem but I'd like to solve this and continue learning Freebsd. Thanks for your time. Jorge Biquez