Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: imatt on April 02, 2004, 12:20:34 PM

Title: deny hosts
Post by: imatt on April 02, 2004, 12:20:34 PM
Can anybody please tell me the quick and easy way to deny an IP in hosts.deny?

It says to not modify the file and use a template. I am new to SME but OK with terminal/pico etc.

All help greatly received.

M@
Title: deny hosts
Post by: byte on April 02, 2004, 12:38:50 PM
Can you tell us more about what you're trying to do? For instance, are you trying to block an IP from accessing the internet?
Title: problem is...
Post by: imatt on April 02, 2004, 12:44:45 PM
In var/log/httpd/access_log.20040401011201 there are pages of the following text (same happened yesterday).

Probably a PC infected with some latest worm or similar.

The log is getting very large, and if this continues like it is problems may occur?

text is pages of

[02/Apr/2004:06:17:54 +0000] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x

If I can deny the host IP it would stop this, yes?

Or shall I not worry? SME 6.0 has virus SW built in, does it not?

regards

M@
Title: deny hosts
Post by: byte on April 02, 2004, 12:52:45 PM
Hi,

You do not need to worry about that as that is just a log of internet activity (That appears in my logs too)

The Access_log keeps records of accessed internet sites.

SME 6 does NOT have any pre-installed AV software, but if you search for CLAM, which is open source, that is a nice addition to SME.

HTH
Title: thanks
Post by: imatt on April 02, 2004, 01:15:25 PM
Just my web paranoia, I guess then - good to know, thanks again.

M@
Title: deny hosts
Post by: Anonymous on April 13, 2004, 11:17:30 PM
Quote from: "byte"
Hi,

You do not need to worry about that as that is just a log of internet activity (That appears in my logs too)

Wrong. You may indeed need to worry about it if, in fact, you use a windblows platform. This is a worm - an exploit of NTDLL by way of IIS. If you use any version of windblows, you will need a patch from M$ to patch your system. If, on the other hand, you are using UNIX or Linux, you can simply block the addresses and thereby eliminate (to a great extent) the abusive entries in your log files.

Just felt you should know.
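
An added example, not part of the original thread: a Python sketch that tallies which client addresses send the escaped SEARCH requests quoted above, so the addresses worth blocking can be read off the log. It assumes Apache common log format with the client address as the first field; the function names, sample lines, addresses and status codes are constructed for illustration.

```python
import re
from collections import Counter

# host ident user [time] "METHOD target ...  (closing quote not required,
# so lines truncated mid-request, like the one quoted in the thread, still parse)
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>[^" ]*)'
)
# Apache writes non-printable request bytes to the log as literal \xNN text.
ESCAPE_RE = re.compile(r'\\x[0-9a-fA-F]{2}')


def is_probe(method, target, min_escapes=20):
    """True for a SEARCH request whose target is packed with \\xNN escapes."""
    return method == "SEARCH" and len(ESCAPE_RE.findall(target)) >= min_escapes


def summarize(lines, min_escapes=20):
    """Return (Counter of probe hits per client address, unparsable line count)."""
    hits, skipped = Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1
            continue
        if is_probe(m.group("method"), m.group("target"), min_escapes):
            hits[m.group("host")] += 1
    return hits, skipped


# Constructed sample input (documentation address ranges, invented status codes).
PAYLOAD = "/\\x90" + "\\x02\\xb1" * 40
SAMPLE_LOG = [
    f'192.0.2.15 - - [02/Apr/2004:06:17:54 +0000] "SEARCH {PAYLOAD}" 414 271',
    f'192.0.2.15 - - [02/Apr/2004:06:18:10 +0000] "SEARCH {PAYLOAD}',  # truncated
    f'198.51.100.7 - - [02/Apr/2004:06:19:02 +0000] "SEARCH {PAYLOAD}" 414 271',
    '203.0.113.4 - - [02/Apr/2004:06:20:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.9 - - [02/Apr/2004:06:21:00 +0000] "SEARCH /docs HTTP/1.1" 405 300',
    'garbage line',
]

if __name__ == "__main__":
    hits, skipped = summarize(SAMPLE_LOG)
    for host, count in hits.most_common():
        print(f"{count:6d}  {host}")
    print(f"{skipped} line(s) could not be parsed")
```

An ordinary SEARCH request with a plain path is not counted; only requests carrying at least `min_escapes` escaped bytes are.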