sorry I must have missed something in the conversation then
don't worry!
Originally posted by anand
I don't disagree that the post contains good info. It surely does, but doesn't help me
As for the link to the post of iptables, I don't remember the same, but here is the code:
echo Starting Nimda and Code Red Protection Packet Dropping Utility
iptables -t filter -A INPUT -i eth0+ -p tcp --dport http -m string --string "default.ida" -j DROP
iptables -t filter -A INPUT -i eth0+ -p tcp --dport http -m string --string "root.exe?" -j DROP
iptables -t filter -A INPUT -i eth0+ -p tcp --dport http -m string --string "cmd.exe?" -j DROP
echo Utility Startup complete
The above doesn't work on my machine as per now. I get the following error:
iptables: No chain/target/match by that name
I asked so many people to help with the above error but no one was able to.
Hope the above makes sense to you at least.
Good idea. I prefer iptables too (instead of editing httpd.conf, especially for IP-based accounts).
Can anyone help?
cPanel.net Support Ticket Number:
█ Stop SPAM & VIRUS :: ASSP Deluxe for cPanel http://www.grscripts.com
█ ASSP Deluxe is supported by Fritz Borgstedt,ASSP main developer.
andan,
Maybe try and redirect them back to themselves instead of accessing a page on your server. Instead of using http://potentproducts.com/virus.html change it to http://127.0.0.1
As far as the idea about using iptables to block these strings, there was something about this in netfilter's (developers of iptables) mailing list some time back about this not being that good of an idea. I can't remember the reason that was used but if I can remember correctly it had something to do with the way these types of attacks are done.
Hmmm here is a link (I am sure is more there on this) ...
http://lists.netfilter.org/pipermail...ch/010656.html
Also I have not tried this but sounds like it might be a good idea...
http://www.treachery.net/~jdyson/earlybird/
cPanel.net Support Ticket Number:
To correct some misconceptions, I am not recommending anyone to redirect anything to 'potentproducts.com' !!!
That is my URL and any examples I may have posted were to explain how I use something for my site/server. People should always use their own URL for anything related to their own site/server.
The example I posted, for what I do regarding Windows based Virus attacks, may not suit everyone. It is an acceptable solution for myself though and I'm quite happy with it. For certain things I like to keep track of them. I can see that on average, I get about 300 attempts per month.
I used to use the 127.0.0.1 method -- return to sender as I called it -- for Windows Virus attempts, but it was pointed out to me, I might be leaving myself open to litigation. It may be true, maybe not -- I don't know. But I don't want the possibility to even exist. Although it worked well, I prefer to not use any type of coding that even potentially creates the possibility of a legal back-door for someone to sue me. That's just me though.
cPanel.net Support Ticket Number:
Helping people Host, Create, and Maintain their Web Site
Also providing Server Admin Services - setup / troubleshooting
http://potentproducts.com/
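An added example, not part of any post in this thread: a way to keep track of these attempts from the Apache access log, counting requests that contain the three strings from the iptables rules above (default.ida, root.exe?, cmd.exe?) per month and per source address. It assumes Common Log Format; the log lines and addresses are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample lines in Apache Common Log Format (documentation IP ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [03/Aug/2003:10:01:22 +0000] "GET /default.ida?XXXX HTTP/1.0" 404 283
192.0.2.10 - - [03/Aug/2003:10:01:25 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [14/Aug/2003:02:11:09 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 310
203.0.113.5 - - [14/Aug/2003:02:12:00 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [02/Sep/2003:07:45:31 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 288
203.0.113.5 - - [02/Sep/2003:08:00:00 +0000] "GET /docs/cmd.exe.html HTTP/1.1" 200 900
EOF
}

# Keep only requests whose path ($7) contains one of the three strings.
# The trailing "?" matters: /docs/cmd.exe.html is a normal page and is not counted.
worm_probes() {
  awk 'index($7, "default.ida") || index($7, "root.exe?") || index($7, "cmd.exe?")'
}

# Probes per month: $4 looks like "[03/Aug/2003:10:01:22", key becomes "2003-Aug".
probes_per_month() {
  worm_probes |
    awk '{ split(substr($4, 2), d, "[/:]"); n[d[3] "-" d[2]]++ }
         END { for (m in n) print m, n[m] }' |
    LC_ALL=C sort
}

# Probes per source address, busiest first, ties ordered by address.
probes_per_source() {
  worm_probes |
    awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

echo "Per month:";  sample_log | probes_per_month
echo "Per source:"; sample_log | probes_per_source
```

On a live server, replace `sample_log |` with a read of the real access log, for example `probes_per_month < access_log`.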
Where could I find a site with updated NT string attacks, to keep the RedirectMatch discussed above up to date?
Thank you
cPanel.net Support Ticket Number:
And... what do you think about adding this too:
RedirectMatch Permanent ^/(.*<script>.*)$ http://google.com
to avoid the execution of malicious JavaScript code inside the browser?
cPanel.net Support Ticket Number:
Radiohead,
Don't ever redirect any type of attack to another site... This will get you in big time trouble. If you send them to another site then it's basically like you are running a compromised system sending the attacks out.
Now as far as the one I use goes with redirecting it back to them... Yes I know this could become an issue but hey they are the ones sending out the attacks. They should be the ones held accountable. As the old expression says... "giving them a taste of their own medicine".
cPanel.net Support Ticket Number:
OK, changed to http://127.0.0.1, thank you
Originally posted by HollyRidge
Radiohead,
Don't ever redirect any type of attack to another site... This will get you in big time trouble. If you send them to another site then it's basically like you are running a compromised system sending the attacks out.
Now as far as the one I use goes with redirecting it back to them... Yes I know this could become an issue but hey they are the ones sending out the attacks. They should be the ones held accountable. As the old expression says... "giving them a taste of their own medicine".
cPanel.net Support Ticket Number: