htaccess help

  #1 (permalink)  
Old 02-16-2007
Gary Quiring
 
Posts: n/a
Default htaccess help

I am trying to lock out networks in the Netherlands that are
constantly looking for vulnerabilities on my Apache server. I do not
control the firewall so that is not an option. I thought
the .htaccess file would work but somehow these jerks are continuing
to get in.

My .htaccess file is located in the root of my web server (/var/www):

order allow,deny
deny from 58.,59.,60.,61.,62.
deny from 77.,78.,79.,80.,81.,82.,83.,84.,85.,86.,87.,88.,89.,90.,91.
allow from all

With the above file in place I still see these messages in my Apache
errorlog:
[Tue Feb 13 18:30:19 2007] [error] [client 85.11.177.162] File does
not exist: /var/www/phpmyadmin

If I place my IP address in the same format in my .htaccess file I see
this:
[Fri Feb 16 08:39:15 2007] [error] [client x.x.x.x] client denied by
server configuration: /var/www/test1

How is that 85 address getting past the .htaccess file?

Thanks
Gary

  #2 (permalink)  
Old 02-16-2007
Gary Quiring
 
Posts: n/a
Default Re: htaccess help

On Feb 16, 9:47 am, Davide Bianchi <davideyeahs...@onlyforfun.net>
wrote:
> On 2007-02-16, Gary Quiring <gquir...@gmail.com> wrote:
>
> > I am trying to lock out networks in the Netherlands that are
> > constantly looking for vulnerabilities on my Apache server.

>
> Report them to the system administrator and/or the abuse of their
> network providers.
>
> Davide
>
> --
> If at first you don't succeed, work for Microsoft.


That is not going to solve the issue. The RIPE network is in the
Netherlands, aka no laws or rules. I have contacted them countless
times with zero replies. Their whole network is full of abusers and I
think that is why they register on that network to begin with. I have
no need for those folks to access my server so I want to block them.

In ProFTP the access list looks just like htaccess but works. You
should see what they do on an FTP server, thousands of illegal login
attempts each day. Blocking their IP range is the best solution as
each day it's another IP from the RIPE network looking to break in.


  #3 (permalink)  
Old 02-16-2007
Rik
 
Posts: n/a
Default Re: htaccess help

On Fri, 16 Feb 2007 15:45:41 +0100, Gary Quiring <gquiring@gmail.com>
wrote:

> I am trying to lock out networks in the Netherlands that are
> constantly looking for vulnerabilities on my Apache server. I do not
> control the firewall so that is not an option. I thought
> the .htaccess file would work but somehow these jerks are continuing
> to get in.
>
> My .htaccess file is located in the root of my web server (/var/www):
>
> order allow,deny
> deny from 58.,59.,60.,61.,62.
> deny from 77.,78.,79.,80.,81.,82.,83.,84.,85.,86.,87.,88.,89.,90.,91.
> allow from all
>
> How is that 85 address getting past the .htaccess file?


Euhm, you want to block me? As far as I know, my ISP will take abuse
seriously, but slow (may take a week or 2,3).

> The RIPE network is in the Netherlands, aka no laws or rules.


I used to work for an ISP in the Netherlands, and they do block abusers.
Often even without warning to the client. Where the hell did you get the
idea that the Netherlands would be any different?

> I have contacted them countless times with zero replies.


Well, contact the ISP. Afaik RIPE is no ISP. For instance, for my IP
dnsstuff.com clearly shows:
remarks: In case of abuse issues, please contact abuse@wanadoo.nl

I'm curious as to what email addresses you've used to report the abuse.
--
Rik Wasmus

Owner of an 85.* ip....
  #4 (permalink)  
Old 02-16-2007
shimmyshack
 
Posts: n/a
Default Re: htaccess help

On Feb 16, 7:01 pm, Rik <luiheidsgoe...@hotmail.com> wrote:
> On Fri, 16 Feb 2007 15:45:41 +0100, Gary Quiring <gquir...@gmail.com>
> wrote:
>
> > I am trying to lock out networks in the Netherlands that are
> > constantly looking for vulnerabilities on my Apache server. I do not
> > control the firewall so that is not an option. I thought
> > the .htaccess file would work but somehow these jerks are continuing
> > to get in.

>
> > My .htaccess file is located in the root of my web server (/var/www):

>
> > order allow,deny
> > deny from 58.,59.,60.,61.,62.
> > deny from 77.,78.,79.,80.,81.,82.,83.,84.,85.,86.,87.,88.,89.,90.,91.
> > allow from all

>
> > How is that 85 address getting past the .htaccess file?

>
> Euhm, you want to block me? As far as I know, my ISP will take abuse
> seriously, but slow (may take a week or 2,3).
>
> > The RIPE network is in the Netherlands, aka no laws or rules.

>
> I used to work for an ISP in the Netherlands, and they do block abusers.
> Often even without warning to the client. Where the hell did you get the
> idea that the Netherlands would be any different?
>
> > I have contacted them countless times with zero replies.

>
> Well, contact the ISP. Afaik RIPE is no ISP. For instance, for my IP
> dnsstuff.com clearly shows:
> remarks: In case of abuse issues, please contact a...@wanadoo.nl
>
> I'm curious as to what email addresses you've used to report the abuse.
> --
> Rik Wasmus
>
> Owner of an 85.* ip....


why not stick to the docs, and use
order deny,allow
deny from 58. 59. 60. 61. 62.
deny from 77. 78. 79. 80. 81. 82. 83. 84. 85. 86. 87. 88. 89. 90. 91.

or better yet something like (although it bans a few too many)
order deny,allow
deny from 77.0.0.0/21 58.0.0.0/19

or if hostname lookups are on just plain old
order deny,allow
deny from .nl

or just have done with it
order allow,deny
allow from 192. 10. 172.

Running a public webserver with no firewall control will result in
thousands of hits all day and night if you've done your job well, who
cares as long as you're patched up to date, and have even the most
basic bandwidth and an old P2. Consider buying a 2nd hand $5 router
from eBay - which will take the heat all with a 200MHz processor and
8MB RAM!
As for multiple login/ftp attempts, I find them interesting, watching
the pretty numbers go by. Require SSL with cert login for your real
users if you are that concerned.
Have you thought about running some old machine as a honeypot and
making fun of the whole lot of 'em? You should count yourself lucky as
you can have real world experience of emerging threats, and get
forewarning of what software you need to be up2date with, the rest of
us have to read about it and keep up2date in other ways.
Have you considered mod_security? You can impose restrictions on the
types of connection, user agents and so on, good stuff.

matt
--
owner of 82.* IP (based in UK, whose ISP would certainly take action
immediately if I transgressed)
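
Added example (not part of any post in this thread, and not Apache's own code): a small Python model of Apache 2.2's Order/Allow/Deny evaluation, run over the rule sets posted above for the client in the error log, 85.11.177.162. Assumptions: hostname-style tokens never match because no reverse DNS name is modelled, the netmask form is not handled, and all function and variable names are this example's own.

```python
import ipaddress

def parse_spec(token):
    """Network for an IP-style token; None if Apache would treat it as a hostname."""
    if token.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = token.partition("/")
    octets = addr.rstrip(".").split(".")
    if len(octets) > 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return None  # "58.,59.,60." or ".nl" is not an address: hostname pattern
    if bits and not bits.isdigit():
        return None  # netmask form (a.b.c.d/255.255.0.0) is not modelled here
    prefix = int(bits) if bits else 8 * len(octets)  # "85." means 85.0.0.0/8
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}", strict=False)

def matches(tokens, ip):
    # Assumption: hostname patterns never match (no reverse DNS in this model).
    nets = (parse_spec(t) for t in tokens)
    return any(n is not None and ip in n for n in nets)

def permitted(order, allow, deny, client):
    ip = ipaddress.ip_address(client)
    allowed, denied = matches(allow, ip), matches(deny, ip)
    if order == "allow,deny":      # default deny, a Deny match overrides Allow
        return allowed and not denied
    return allowed or not denied   # deny,allow: default allow, Allow overrides Deny

CLIENT = "85.11.177.162"  # client address from the error log in the first post
COMMAS = ["58.,59.,60.,61.,62.",
          "77.,78.,79.,80.,81.,82.,83.,84.,85.,86.,87.,88.,89.,90.,91."]
SPACES = " ".join(COMMAS).replace(",", " ").split()  # one token per prefix

RULESETS = {  # name: (Order, Allow tokens, Deny tokens), as posted in the thread
    "original (comma-joined tokens)": ("allow,deny", ["all"], COMMAS),
    "same order, space-separated": ("allow,deny", ["all"], SPACES),
    "deny,allow, space-separated": ("deny,allow", [], SPACES),
    "deny,allow, CIDR pair": ("deny,allow", [], ["77.0.0.0/21", "58.0.0.0/19"]),
    "allow-list only": ("allow,deny", ["192.", "10.", "172."], []),
}

def results(client=CLIENT):
    return {name: permitted(o, a, d, client) for name, (o, a, d) in RULESETS.items()}

if __name__ == "__main__":
    for name, ok in results().items():
        print(f"{name:32} {'allowed' if ok else 'denied'}")
```

Running the same check against a test address inside each range before deploying a rule set confirms that every `deny from` token is parsed as a network rather than as a hostname.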

  #5 (permalink)  
Old 02-18-2007
Gary Quiring
 
Posts: n/a
Default Re: htaccess help

On Feb 16, 2:48 pm, "shimmyshack" <matt.fa...@gmail.com> wrote:
> On Feb 16, 7:01 pm, Rik <luiheidsgoe...@hotmail.com> wrote:
>
>
>
>
>
> > On Fri, 16 Feb 2007 15:45:41 +0100, Gary Quiring <gquir...@gmail.com>
> > wrote:

>
> > > I am trying to lock out networks in the Netherlands that are
> > > constantly looking for vulnerabilities on my Apache server. I do not
> > > control the firewall so that is not an option. I thought
> > > the .htaccess file would work but somehow these jerks are continuing
> > > to get in.

>
> > > My .htaccess file is located in the root of my web server (/var/www):

>
> > > order allow,deny
> > > deny from 58.,59.,60.,61.,62.
> > > deny from 77.,78.,79.,80.,81.,82.,83.,84.,85.,86.,87.,88.,89.,90.,91.
> > > allow from all

>
> > > How is that 85 address getting past the .htaccess file?

>
> > Euhm, you want to block me? As far as I know, my ISP will take abuse
> > seriously, but slow (may take a week or 2,3).

>
> > > The RIPE network is in the Netherlands, aka no laws or rules.

>
> > I used to work for an ISP in the Netherlands, and they do block abusers.
> > Often even without warning to the client. Where the hell did you get the
> > idea that the Netherlands would be any different?

>
> > > I have contacted them countless times with zero replies.

>
> > Well, contact the ISP. Afaik RIPE is no ISP. For instance, for my IP
> > dnsstuff.com clearly shows:
> > remarks: In case of abuse issues, please contact a...@wanadoo.nl

>
> > I'm curious as to what email addresses you've used to report the abuse.
> > --
> > Rik Wasmus

>
> > Owner of an 85.* ip....

>
> why not stick to the docs, and use
> order deny,allow
> deny from 58. 59. 60. 61. 62.
> deny from 77. 78. 79. 80. 81. 82. 83. 84. 85. 86. 87. 88. 89. 90. 91.
>
> or better yet something like (although it bans a few too many)
> order deny,allow
> deny from 77.0.0.0/21 58.0.0.0/19
>
> or if hostname lookups are on just plain old
> order deny,allow
> deny from .nl
>
> or just have done with it
> order allow,deny
> allow from 192. 10. 172.
>
> Running a public webserver with no firewall control will result in
> thousands of hits all day and night if you've done your job well, who
> cares as long as you're patched up to date, and have even the most
> basic bandwidth and an old P2. Consider buying a 2nd hand $5 router
> from eBay - which will take the heat all with a 200MHz processor and
> 8MB RAM!
> As for multiple login/ftp attempts, I find them interesting, watching
> the pretty numbers go by. Require SSL with cert login for your real
> users if you are that concerned.
> Have you thought about running some old machine as a honeypot and
> making fun of the whole lot of 'em? You should count yourself lucky as
> you can have real world experience of emerging threats, and get
> forewarning of what software you need to be up2date with, the rest of
> us have to read about it and keep up2date in other ways.
> Have you considered mod_security? You can impose restrictions on the
> types of connection, user agents and so on, good stuff.
>
> matt
> --
> owner of 82.* IP (based in UK, whose ISP would certainly take action
> immediately if I transgressed)


Thanks Matt, my old eyes didn't notice I had the order wrong.

Gary

 