PDA

Click to See Complete Forum and Search --> : How to immediately block an IP ?

Donovan
12-12-2000, 07:30 AM
Hi, in case I notice in my apache logs someone trying to scan or flood, how can I immediately prevent the IP from accessing my site ?

Htaccess ?
If yes how ?

Thanks,
Donov
Letalis
12-12-2000, 08:58 AM
Add his IP in /etc/hosts.deny
Letalis
12-12-2000, 08:58 AM
Add his IP in /etc/hosts.deny
Donovan
12-12-2000, 09:05 AM
Can this file prevent access to the web server ??
If yes, please how should I write the line in hosts.deny to preventaccess to the web server ?

Thanks,
Donov
ndelo
12-12-2000, 09:29 AM
You could also add a rule in ipchains blocking that IP.

/sbin/ipchains -A input -i eth0 -p tcp -s the_ip_to_block 1024:65535 -d your_ip 80 -j DENY
Donovan
12-12-2000, 09:38 AM
I prefer the host deny solution... any one who can tell me how i should write the deny line ?

Thanks,
Donov
2thumbs
12-12-2000, 01:05 PM
in hosts.deny put
ALL: xxx.xxx.xxx.xxx
Donovan
12-12-2000, 01:07 PM
No,
this won't affect in any way the web access.
This is what I have, it only prevent people from getting in telnet, sshd, ftp...

Donov
Ig0r
12-12-2000, 01:35 PM
the /etc/hosts.* files only affect daemons being run by inetd. You could configure apache to be run via inetd if you like that solution or you could use an ipchains rule that blocks ALL packets from a particular IP.
Donovan
12-12-2000, 01:37 PM
That's all I can do ? Is there no way to do it with .htaccess ?

Cmon, I'm sure there is http://www.linuxnewbie.org/ubb/wink.gif

Donov