home | list info | list archive | date index | thread index

[OCLUG-Tech] Apache sercuity question


Hello

I have am host a couple of virtual web servers at home. The sites are not that busy. But I am seeing a lot of 404 errors and this   morning I was checking my daily logwatch report and I spotted some weird  in the logs

  A total of 2 sites probed the server 
    122.255.96.164
    85.88.195.35

 A total of 3 possible successful probes were detected (the following URLs
 contain strings that match one or more of a listing of strings that
 indicate a possible exploit):

    /?file=../../../../../../proc/self/environ%00 HTTP Response 200 
    /?mod=../../../../../../proc/self/environ%00 HTTP Response 200 
    /?page=../../../../../../proc/self/environ%00 HTTP Response 200 

I have since blocked those ip with iptables. But now I want to know if there is a script that I can run that automatically block suspected  malicious ip's or do I just have baby sit the server and keep a closer eye on the logs.


Jeff
  
Jeffrey Dean Moncrieff
Moncrieff consulting IT 
Vancouver/Ottawa 
Cell (613)298-6493
jeffrey [ dot ] moncrieff [ at ] yahoo [ dot ] ca