|
|
lug-bg: nimda, CodRed ... etc. & apache logs
- Subject: lug-bg: nimda, CodRed ... etc. & apache logs
- From: emo@xxxxxxxxxx (Emil Tantilov)
- Date: Wed, 19 Dec 2001 17:32:47 -0800
Hi-te,
Interesuwat me idei za twa kak da se razkarat logowete prichineni ot
win-based virusi kato nimda, CodeRed i t.n. Ot twa koeto namerih po net-a -
pone dosega widiah niakolko neshta:
1. Apache::Nimda mod perl modul ( http://www.keyslapper.org/Nimda/ )
2. prost script koito sabira IP-tata ot log-owete i gi slaga waw DENY
tablicata (ipchains, iptables...)
3. w http.conf
PerlModule Apache::Constants
<LocationMatch "\.(ida|exe)$">
SetHandler perl-script
PerlInitHandler Apache::Constants::DONE
</LocationMatch>
Twa 3-toto nai mi dopada, tai kato dawa wazmojnost chowek sam da si regulira
kakwo iska da blokira i kade da gi prati ... Az go slojih waw httpd.conf - i
zabeliazah che apache-to se darji razlichno kogato iskash da dokopash exe ili
ida file - no wse pak apache-to i snort palniat logowete (edinia za nenameren
file - drugia za security alert).
2-ria wariant e twa koeto polzwam w momenta - no lista na blokiranite IP-ta
se uwelichawa wseki den sas sredno mejdu 2 i 4 IP-ta - ako taka warwi skoro
waw iptables shte imam stotici zabraneni IP-ta. Az gi zabraniawam samo kam
80-ti port de ...
1-wia wariant mai ne e totalno losh - no togawa shte triabwa da se barka w
modula za wseki nowoizlupen (neshto chesto sreshtano w dneshno wreme)
win-based virus.
Pozdrawi,
Emo
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
|
|
|