Re: Apache attacks

[Bernie Johnson <bernie () e-mich com>]

Kenny,

Look at www.rfxnetworks.com and get APF, BFD and look at the other
scripts there.  This should od what you want and need.

B. Johnson



On Wed, 2005-01-26 at 15:56, Kenny wrote:
> Hi List,
>
> Long time reader, first time poster...
>
> My server crashed yesturday and I had to restart it, to get it going 
> again. Now everything seems ok, however looking at my 
> /var/log/httpd/access_log.1 shows a visitor to the website posting some 
> big chunks of exploit code (containing a massive nop sled).
> How do I know if this attacker actually got in or not?
>
> This is a redhat fedora core 2 box, and I would describe myself as an 
> "intermediate" linux user.
>
> Also, has anyone got any scripts that can detect attacks against apache 
> and ban the ip for a period of time?
>
> I will post the exploit on request.
>
> Thanks, Kenny
--