
Re: [cobalt-security] Non existing urls are entered for 1,5 hour



Hi guys,

> > ALL: 63.31.246.30  ??
>
> YES! (on one line)

Ehm... apache doesn't look at /etc/hosts.*, sorry to say. This line *will*
of course keep him from popping, ftp'ing or whatever.

To block this IP into apache's virtual neverland, you could:

1) edit the apache configuration to deny this IP access to just about
anything
2) filter this one thru ipchains

I strongly recommend option 2, especially if you'd like to have anything
that looks like a "warranty" left on the box. ;-)

> You should be running portsentry, or using ipchains.

Portsentry is a great tool to see what happens on a box during the day, and
then apply firewall rules accordingly.

Now is a good time to learn ipchains. There have been quite a lot of posts
on this list and the users' list about the subject, so read up.
To save yourself a lot of time, I suggest fetching the ipchains rpm for
RedHat 6.2 from rpmfind.net and installing it (it will not hurt your system
by simply installing, just don't do anything stupid).

Do you have a spare box lying around the house? If so, ditch whatever is on
there (except if it's RedHat 6.x) and install RedHat 6.2. Cobalt OS is based
on it, and you can still get it just about everywhere.

Good luck... Nico
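
Added example, not part of the original message: a way to find which clients are requesting non-existent URLs (the problem in the subject line) and print the ipchains rules that would filter them, as in option 2 above. The function names, the threshold and the sample log lines are constructed for illustration; the script only prints rules and applies nothing.

```shell
#!/bin/sh
# Added example: list clients with many 404 responses in an Apache access
# log and print an ipchains DENY rule for each. Rules are printed, not run.

# Constructed sample lines in Apache common log format (not from the thread).
sample_log() {
cat <<'EOF'
63.31.246.30 - - [10/Oct/2000:13:55:36 +0200] "GET /missing-1 HTTP/1.0" 404 208
63.31.246.30 - - [10/Oct/2000:13:55:37 +0200] "GET /missing-2 HTTP/1.0" 404 208
63.31.246.30 - - [10/Oct/2000:13:55:38 +0200] "GET /missing-3 HTTP/1.0" 404 208
192.0.2.10 - - [10/Oct/2000:13:56:01 +0200] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 - - [10/Oct/2000:13:56:09 +0200] "GET /favicon.ico HTTP/1.0" 404 208
EOF
}

# deny_rules THRESHOLD
# Reads an access log on stdin and prints one rule per client address that
# has at least THRESHOLD 404 responses. Splitting on the double quote keeps
# the parse independent of spaces inside the request line and works for
# both common and combined log formats (assumes no quote inside the URL).
deny_rules() {
    awk -F'"' -v min="$1" '
    {
        split($1, pre, " ");  ip = pre[1]        # client address
        split($3, post, " "); status = post[1]   # status follows the request
        # Accept only dotted-quad addresses so nothing else reaches the rule.
        if (status == 404 && ip ~ /^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$/)
            hits[ip]++
    }
    END {
        for (ip in hits)
            if (hits[ip] >= min)
                # Insert at the head of the input chain so the DENY is
                # evaluated before any later ACCEPT rule.
                printf "ipchains -I input 1 -s %s -j DENY\n", ip
    }' | sort
}

# Demo on the constructed sample: only the address with 3 or more 404s.
sample_log | deny_rules 3
```

Review the printed rules before running any of them as root; a low threshold will also catch ordinary visitors who hit a broken link.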