Koozali.org: home of the SME Server

deny hosts

Offline imatt

deny hosts
« on: April 02, 2004, 12:20:34 PM »
Can anybody please tell me the quick and easy way to deny an IP in hosts.deny?

It says to not modify the file and use a template. I am new to SME but OK with terminal/pico etc.

All help greatly received.

M@
...

Offline byte

deny hosts
« Reply #1 on: April 02, 2004, 12:38:50 PM »
Can you tell us more about what you're trying to do? For instance, are you trying to block an IP from accessing the internet?
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told; this way you help us to help you/others - Thanks!

Offline imatt

problem is...
« Reply #2 on: April 02, 2004, 12:44:45 PM »
In var/log/httpd/access_log.20040401011201 there are pages of the following text (the same happened yesterday).

Probably a PC infected with some latest worm or similar.

The log is getting very large, and if this continues like it is, problems may occur?

The text is pages of:

[02/Apr/2004:06:17:54 +0000] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x

If I can deny the host IP, it would stop this, yes?

Or shall I not worry? SME 6.0 has virus SW built in, does it not?

regards

M@
...

Offline byte

deny hosts
« Reply #3 on: April 02, 2004, 12:52:45 PM »
Hi,

You do not need to worry about that, as that is just a log of internet activity (that appears in my logs too).

The Access_log keeps records of accessed internet sites.

SME 6 does NOT have any pre-installed AV software, but if you search for CLAM, which is open source, that is a nice addition to SME.

HTH
--[byte]--


Offline imatt

thanks
« Reply #4 on: April 02, 2004, 01:15:25 PM »
Just my web paranoia I guess then - good to know, thanks again.

M@
...

Anonymous

deny hosts
« Reply #5 on: April 13, 2004, 11:17:30 PM »
Quote from: "byte"
Hi,

You do not need to worry about that, as that is just a log of internet activity (that appears in my logs too).

Wrong. You may indeed need to worry about it if, in fact, you use a windblows platform. This is a worm - an exploit of NTDLL by way of IIS. If you use any version of windblows, you will need a patch from M$ to patch your system. If, on the other hand, you are using UNIX or Linux, you can simply block the addresses and thereby eliminate (to a great extent) the abusive entries in your log files.

Just felt you should know.
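
An added example, not part of any post in this thread: one way to find which client addresses are sending the `SEARCH /\x90\x02\xb1...` requests quoted above, so there is a concrete list to block. It assumes the httpd access log uses the Apache common log format with the client address as the first field; the sample lines, addresses and status codes are constructed for illustration.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}) (?P<size>\S+)'
)
# httpd writes non-printable request bytes as literal \xNN text in the log
ESCAPE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')


def is_suspicious(request, min_escapes=20):
    """True for a SEARCH request whose target is a long run of \\xNN escapes."""
    parts = request.split(" ", 1)
    if len(parts) < 2 or parts[0] != "SEARCH":
        return False
    return len(ESCAPE_RE.findall(parts[1])) >= min_escapes


def offenders(lines, min_escapes=20):
    """Count suspicious SEARCH requests per client address."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious(m.group("request"), min_escapes):
            hits[m.group("host")] += 1
    return hits


# Constructed sample input (documentation address ranges, made-up statuses).
PAYLOAD = "/\\x90" + "\\x02\\xb1" * 40
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Apr/2004:06:17:54 +0000] "SEARCH %s" 414 340' % PAYLOAD,
    '192.0.2.10 - - [02/Apr/2004:06:18:10 +0000] "SEARCH %s" 414 340' % PAYLOAD,
    '198.51.100.7 - - [02/Apr/2004:06:19:02 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.5 - - [02/Apr/2004:06:20:00 +0000] "SEARCH /docs HTTP/1.1" 405 312',
]

if __name__ == "__main__":
    for host, count in offenders(SAMPLE_LOG).most_common():
        print(f"{host}\t{count} suspicious SEARCH requests")
```

To run it against a real log, pass an open file object to `offenders()` in place of `SAMPLE_LOG`.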