I'm using this guys script (modified slightly) It uses IPchains to block sites infected with the nimda virus. You can find out info at.
http://screaming-penguin.com/main.php?storyid=1922 If you can't get the site and others want my scripts ( I've modified it for iptables as well) let me know and I'll post a download url for what I use. Note: use at your own risk. Nice part is it blocks the site but doesn't in any way affect the other persons box. James On Sun, 6 Jan 2002 20:52:36 -0800 "David Guntner" <[EMAIL PROTECTED]> wrote: > I keep getting hit by a site which is probably infected with the Namda worm > or one of those others. I keep seeing connections in my httpd access_log > file, and judging from the requests, it seems to be probing for another > vunerable NT server to attack. I'd like to be able to just slam the door > in that particular IP address' face if possible. Is there anything in a > config file somewhere that can be used to tell Apache to just reject all > connections from a given address? Since it's not going through xinetd, the > hosts.allow file doesn't come in to play... :-) > > --Dave > -- > David Guntner GEnie: Just say NO! > http://www.akaMail.com/pgpkey/davidg or key server > for PGP Public key > > >
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
