From owner-freebsd-amd64@FreeBSD.ORG Wed May 9 08:45:57 2007 Return-Path: X-Original-To: freebsd-amd64@freebsd.org Delivered-To: freebsd-amd64@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C1B7E16A400; Wed, 9 May 2007 08:45:57 +0000 (UTC) (envelope-from ogreve@millennics.com) Received: from smtp.interstroom.nl (smtp1.interstroom.nl [80.85.129.3]) by mx1.freebsd.org (Postfix) with ESMTP id 830C113C459; Wed, 9 May 2007 08:45:57 +0000 (UTC) (envelope-from ogreve@millennics.com) Received: from ip127-180.introweb.nl ([80.65.127.180]:49386 helo=[192.168.1.134]) by smtp.interstroom.nl with esmtpsa (TLS-1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.63) (envelope-from ) id 1HlhdS-0005Kv-IK; Wed, 09 May 2007 10:34:58 +0200 In-Reply-To: <405942B8-7714-4F57-914F-24F12DFB206A@axis.nl> References: <2BEB30C2-C9C5-43AB-9DCA-5C9A1B0AC2C0@axis.nl> <20070504111105.GA13599@kzdoos.xs4all.nl> <405942B8-7714-4F57-914F-24F12DFB206A@axis.nl> Mime-Version: 1.0 (Apple Message framework v752.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: 7bit From: Olaf Greve Date: Wed, 9 May 2007 10:34:57 +0200 To: freebsd-amd64@freebsd.org X-Mailer: Apple Mail (2.752.3) Cc: freebsd-questions@freebsd.org Subject: Re: How to make Apache (2.2.4) less greedy, or Sendmail less polite? [semi-solved] X-BeenThere: freebsd-amd64@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting FreeBSD to the AMD64 platform List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 May 2007 08:45:57 -0000 Hi again, Tnx for your further recommendations. I'll take the following actions: 1) I'll report the IP addresses to Spamcop and Spamhaus (note that indeed it appears to be virus-driven, or operated through backdoors, as the server is under constant "attack", coming from a variety of IP addresses). That way, perhaps the ISPs can at least inform the "responsible" people that they have virus infections, and need to act upon it. 2) I may try the hosts.allow trick, but I fear that the IP addresses will be very diverse, so that may not be as full-proof as I'd like. Probably I'll make use of captcha, or something of the likes. 3) I had already tried using Apache to block any and all access to the script, but from the machine itself, but I had done so by adding an "Allow from 123.456.789.10" entry (with the real life IP address, instead of "localhost" or "127.0.0.1"). This didn't do the trick, and I can see why. I'll try this with setting this to "Allow from localhost" or "Allow from 127.0.0.1", and will the perhaps have to change the
action handler somewhat. Either way: I should have enough information for now to properly act upon it (though I still welcome further suggestions), so thanks a lot again! :) Cheers! Olafo