Security Incidents mailing list archives
Re: strange HTTP scan/attack?
From: Bryan Andersen <bryan () visi com>
Date: Tue, 28 Nov 2000 18:30:22 -0600
Jim Bacon wrote:
I am seeing someone repeating hitting a CGI script with a HEAD request and then submitting a query of the form:
[snip]
Can anyone offer any clues tp what this is and what I can do about it? It appears to be originating from a UUnet dialup in the UK, so any complaints to a live human are impossible and email complaints just an excercise in my typing practice.
First: Block the host IP or netblock at your firewall if possible. If you don't have that control, go into your web server and use it's access controls to lockout that host. For Apache it would look something like this: <Location /cgi-bin> Order deny,allow Deny from hostname.or.IP.number.of.offender Allow from all </Location> This would go along with statements like it in the config file. You will need to restart Apache, but you can use the gracefull option. Second: Still send that email to uunet about the abuse, they need to know. -- | Bryan Andersen | bryan () visi com | http://softail.visi.com | | Buzzwords are like annoying little flies that deserve to be swatted. | | -Bryan Andersen |
Current thread:
- strange HTTP scan/attack? Jim Bacon (Nov 29)
- Re: strange HTTP scan/attack? Anne Marcel Roorda (Nov 30)
- Re: strange HTTP scan/attack? Bryan Andersen (Nov 30)