Tribe.net. Local Connections Stefan http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#87749b29-9f7a-40fe-9bc8-05e188aad5b5 2005-09-19T21:40:10Z 2005-09-19T21:40:10Z

If you're really concerned about hackers, you may want to think about restricting them at the firewall level. Blocking them on the webserver level means that they already have some limited access to your network. Blocking from Apache will only protect Apache, and it's possible there are other vulnerabilities on that same machine, or on other machines which are on the same network.

Stefan 2005-09-19T21:40:10Z $item.owner.firstName http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#7893c78f-ae62-4a6e-afa5-3c5e544a7b51 2005-09-18T00:22:55Z 2005-09-18T00:22:55Z

Cesspools like Ukraine and Russia don't deserve to be on the Internet, so I just block them entirely - not just from Apache. Add this to your /ets/hosts.deny: ALL: .ru That keeps them out of everything.

$item.owner.firstName 2005-09-18T00:22:55Z robt. http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#6e359acb-a0db-4061-b4c7-ae782289be16 2005-03-01T20:58:34Z 2005-03-01T20:58:34Z

I'm going to 2nd the mod_security suggestion. I had a server up for close to 2 years without a firewall (aside from kernel level anti-spoofing and synflood protection with iptables/netfilter) simply by turning services off and using mod_security. It played hell with squirrell mail but some tweaking with httpd.conf (apache 1.3) and I was good to go. Now I don't think I ever got whacked but who can ever be sure :) Good luck!

robt. 2005-03-01T20:58:34Z $item.owner.firstName http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#09ba3ea3-bfb3-4737-bd30-6e0d114400cc 2005-03-01T07:14:39Z 2005-03-01T07:14:39Z

check out mod_security and mod_dosevasive. This wont get you blocking by country code, but both can help you block weenies on the fly.

$item.owner.firstName 2005-03-01T07:14:39Z Eli http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#efe9642d-00d6-41fc-ad9e-6225102dcc40 2005-03-01T01:35:10Z 2005-03-01T01:35:10Z

That would be blocking by geolocation not country code. On the plus side, this can run much faster since you don't need to do DNS lookups. On the minus side, unless you subscribe to a service like Digital Envoy's NetAcuity ( http://www.digitalenvoy.net/ ) there is a lot of tweaking involved to stay on top of changes. I use NetAcuity from a PHP module for live website checking and from Perl for log processing. I don't pay the bills, though, and I have no idea how much it is costing. Probably in the four figures a year range. There are free tools, but I can't think of any names offhand. There are also published tables of which registry gives out which IPs which can be used to find the offending netblocks for "Deny x.y" statements. It is a nasty way to kill script kiddies though, since it also denies real visiters and doesn't stop kiddies who have compromised cable modem users in Idaho.

Eli 2005-03-01T01:35:10Z Chas http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#c2842f73-5b78-4498-b445-39a6e0a53146 2005-02-28T19:34:08Z 2005-02-28T19:34:08Z

What do you do if they are a .com, .net, .org or a host of other domain extentions that are used world wide? Need something that identifies where they are coming from and boots them before entry.

Chas 2005-02-28T19:34:08Z cjpa http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#92d5559a-e22d-4155-a43e-920f976727f7 2005-02-28T09:39:59Z 2005-02-28T09:39:59Z

Something like this? <Location /> order allow,deny deny from *.ru </Location>

cjpa 2005-02-28T09:39:59Z Chas http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#40fd9a97-64df-4248-9bef-7980389f3e03 2005-02-28T08:45:00Z 2005-02-28T08:45:00Z

Does anyone know how to set up apache to restrict access based on county code? These script kiddies are driving me nuts and most of them are coming from Russia, the Ukraine and so on. Any help would be appreciated.

Chas 2005-02-28T08:45:00Z