localhost dos

Hi all,

Ok this morning I get up and notice the site is off, I look at the logs..
var/log/httpd..

and have this

localhost||||1155||||75.61.124.30 - - [01/Jun/2008:09:16:02 -0700] "GET / HTTP/1.0" 200 1155 "-" "-"
localhost||||1155||||75.61.124.30 - - [01/Jun/2008:09:17:27 -0700] "GET / HTTP/1.0" 200 1155 "-" "-"
localhost||||1155||||75.61.124.30 - - [01/Jun/2008:09:26:09 -0700] "GET / HTTP/1.0" 200 1155 "-" "-"
localhost||||1155||||24.184.68.136 - - [01/Jun/2008:09:26:09 -0700] "GET / HTTP/1.0" 200 1155 "-" "-"
localhost||||1155||||75.61.124.30 - - [01/Jun/2008:09:33:36 -0700] "GET / HTTP/1.0" 200 1155 "-" "-"
localhost||||1155||||75.61.124.30 - - [01/Jun/2008:09:33:41 -0700] "GET / HTTP/1.0" 200 1155 "-" "-"


now i have tried to add all of the ip address to my htaccess yet I still have my webserver off.. I cant keep it on because this stuff knocks it off again..

also I noticed in the var/www/localhost/log/2008/05

71.137.176.253 - - [28/May/2008:22:18:59 -0700] "GET /phpmyadmin2/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:18:59 -0700] "GET /php-my-admin/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:00 -0700] "GET /phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:00 -0700] "GET /phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:00 -0700] "GET /phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:00 -0700] "GET /phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:00 -0700] "GET /phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:00 -0700] "GET /phpMyAdmin-2.6.0/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:01 -0700] "GET /phpMyAdmin-2.6.0-pl1/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:01 -0700] "GET /phpMyAdmin-2.6.2-rc1/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:01 -0700] "GET /phpMyAdmin-2.6.3/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:01 -0700] "GET /phpMyAdmin-2.6.3-pl1/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:01 -0700] "GET /phpMyAdmin-2.6.3-rc1/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:01 -0700] "GET /padmin/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:02 -0700] "GET /datenbank/main.php HTTP/1.0" 404 1100 "-" "-"
71.137.176.253 - - [28/May/2008:22:19:02 -0700] "GET /database/main.php HTTP/1.0" 404 1100 "-" "-"
60.172.219.2 - - [29/May/2008:08:22:08 -0700] "GET http://thecric.free.fr/AZenv/azenv.php HTTP/1.1" 404 1104 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
88.85.72.10 - - [29/May/2008:10:23:38 -0700] "GET http://www.webblog.com/cgi-bin/d-bots/ProxyJudge.pl?proxy_ip=65.61.50.25:80 HTTP/1.0" 404 1104 "-" "-"
60.172.219.2 - - [29/May/2008:15:42:59 -0700] "GET http://thecric.free.fr/AZenv/azenv.php HTTP/1.1" 404 1104 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
60.172.219.2 - - [29/May/2008:22:32:10 -0700] "GET http://thecric.free.fr/AZenv/azenv.php HTTP/1.1" 404 1104 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
211.94.162.151 - - [30/May/2008:01:20:26 -0700] "\x16\x03" 501 1039 "-" "-"
202.93.36.88 - - [30/May/2008:08:01:29 -0700] "GET /images/top1.gif HTTP/1.1" 400 226 "-" "Opera/9.26 (Windows NT 5.1; U; en)"
60.172.219.2 - - [30/May/2008:12:54:20 -0700] "GET http://thecric.free.fr/AZenv/azenv.php HTTP/1.1" 404 1104 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
node136.34.131.63.1dial.com - - [30/May/2008:14:51:13 -0700] "GET /modules/Your_Account/images/themes.png HTTP/1.1" 400 226 "http://www.boon-dog.com/modules.php?name=Your_Account&op=userinfo&username=red_dog123" "Opera/9.26 (Windows NT 5.1; U; en)"
node136.34.131.63.1dial.com - - [30/May/2008:14:51:44 -0700] "GET /modules/Downloads/imageuploads2/yahooroombooterpro.jpg HTTP/1.1" 400 226 "-" "Opera/9.26 (Windows NT 5.1; U; en)"
60.172.219.2 - - [30/May/2008:20:14:00 -0700] "GET http://thecric.free.fr/AZenv/azenv.php HTTP/1.1" 404 1104 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.145.134.195 - - [31/May/2008:06:57:22 -0700] "GET /images/sommaire/categories/tree-L.gif HTTP/1.1" 400 226 "http://www.boon-dog.com/modules.php?name=Your_Account&op=userinfo&username=rjraaz" "Opera/9.27 (Windows NT 5.1; U; en)"
60.172.219.2 - - [31/May/2008:10:59:59 -0700] "GET http://thecric.free.fr/AZenv/azenv.php HTTP/1.1" 404 1104 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
222.215.230.49 - - [31/May/2008:11:01:36 -0700] "GET http://zerg.helllabs.net/cgi-bin/textenv.pl HTTP/1.1" 404 1106 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
222.215.230.49 - - [31/May/2008:11:01:36 -0700] "CONNECT www.google.com:443 HTTP/1.0" 405 1033 "-" "-"
61.182.218.26 - - [31/May/2008:11:09:23 -0700] "GET /w00tw00t.at.ISC.SANS.DFind HTTP/1.1" 400 226 "-" "-"
65.61.50.164 - - [31/May/2008:17:48:16 -0700] "HEAD / HTTP/1.0" 200 - "-" "-"
65.61.50.164 - - [31/May/2008:17:56:31 -0700] "HEAD / HTTP/1.0" 200 - "-" "-"
65.61.50.164 - - [31/May/2008:18:04:33 -0700] "HEAD / HTTP/1.0" 200 - "-" "-"


how can I block these people from acessing my local host?

 

You could try mod_security, or if these people come all from the same country, you could block the requests with the help of mod_geoip.

This post might be of interest as well: http://www.howtoforge.com/forums/showpost.php?p=38142&postcount=4

 

thanks

Once again falco.. YOU ROCK!

thank you so much.. its slower.. but its there

blocked that right out using the

route add -host 69.209.235.164 reject

hey if I ever want to remove an ip from that is there a way?

 

Either reboot the system, or run

Code:

route del -host 69.209.235.164

 

re

how do I add a range Falco?


route add -host 209.167.0.0/16 reject ?

 

Like this:

Code:

route add -net 67.81.138.124 netmask 255.255.255.252 reject