http://apacheservers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5?format=rss Tribe.net. Local Connections http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#87749b29-9f7a-40fe-9bc8-05e188aad5b5 If you're really concerned about hackers, you may want to think about restricting them at the firewall level. Blocking them on the webserver level means that they already have some limited access to your network. Blocking from Apache will only protect Apache, and it's possible there are other vulnerabilities on that same machine, or on other machines which are on the same network. Mon, 19 Sep 2005 21:40:10 GMT http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#87749b29-9f7a-40fe-9bc8-05e188aad5b5 Stefan 2005-09-19T21:40:10Z http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#7893c78f-ae62-4a6e-afa5-3c5e544a7b51 Cesspools like Ukraine and Russia don't deserve to be on the Internet, so I just block them entirely - not just from Apache. Add this to your /ets/hosts.deny: ALL: .ru That keeps them out of everything. Sun, 18 Sep 2005 00:22:55 GMT http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#7893c78f-ae62-4a6e-afa5-3c5e544a7b51 $item.owner.firstName 2005-09-18T00:22:55Z http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#6e359acb-a0db-4061-b4c7-ae782289be16 I'm going to 2nd the mod_security suggestion. I had a server up for close to 2 years without a firewall (aside from kernel level anti-spoofing and synflood protection with iptables/netfilter) simply by turning services off and using mod_security. It played hell with squirrell mail but some tweaking with httpd.conf (apache 1.3) and I was good to go. Now I don't think I ever got whacked but who can ever be sure :) Good luck! Tue, 01 Mar 2005 20:58:34 GMT http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#6e359acb-a0db-4061-b4c7-ae782289be16 robt. 2005-03-01T20:58:34Z http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#09ba3ea3-bfb3-4737-bd30-6e0d114400cc check out mod_security and mod_dosevasive. This wont get you blocking by country code, but both can help you block weenies on the fly. Tue, 01 Mar 2005 07:14:39 GMT http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#09ba3ea3-bfb3-4737-bd30-6e0d114400cc $item.owner.firstName 2005-03-01T07:14:39Z http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#efe9642d-00d6-41fc-ad9e-6225102dcc40 That would be blocking by geolocation not country code. On the plus side, this can run much faster since you don't need to do DNS lookups. On the minus side, unless you subscribe to a service like Digital Envoy's NetAcuity ( http://www.digitalenvoy.net/ ) there is a lot of tweaking involved to stay on top of changes. I use NetAcuity from a PHP module for live website checking and from Perl for log processing. I don't pay the bills, though, and I have no idea how much it is costing. Probably in the four figures a year range. There are free tools, but I can't think of any names offhand. There are also published tables of which registry gives out which IPs which can be used to find the offending netblocks for "Deny x.y" statements. It is a nasty way to kill script kiddies though, since it also denies real visiters and doesn't stop kiddies who have compromised cable modem users in Idaho. Tue, 01 Mar 2005 01:35:10 GMT http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#efe9642d-00d6-41fc-ad9e-6225102dcc40 Eli 2005-03-01T01:35:10Z http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#c2842f73-5b78-4498-b445-39a6e0a53146 What do you do if they are a .com, .net, .org or a host of other domain extentions that are used world wide? Need something that identifies where they are coming from and boots them before entry. Mon, 28 Feb 2005 19:34:08 GMT http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#c2842f73-5b78-4498-b445-39a6e0a53146 Chas 2005-02-28T19:34:08Z http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#92d5559a-e22d-4155-a43e-920f976727f7 Something like this? <Location /> order allow,deny deny from *.ru </Location> Mon, 28 Feb 2005 09:39:59 GMT http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#92d5559a-e22d-4155-a43e-920f976727f7 cjpa 2005-02-28T09:39:59Z http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#40fd9a97-64df-4248-9bef-7980389f3e03 Does anyone know how to set up apache to restrict access based on county code? These script kiddies are driving me nuts and most of them are coming from Russia, the Ukraine and so on. Any help would be appreciated. Mon, 28 Feb 2005 08:45:00 GMT http://ApacheServers.tribe.net/thread/36bf0a56-f494-467b-b177-0efe357517a5#40fd9a97-64df-4248-9bef-7980389f3e03 Chas 2005-02-28T08:45:00Z