Hello
I have am host a couple of virtual web servers at home. The sites are not that busy. But I am seeing a lot of 404 errors and this morning I was checking my daily logwatch report and I spotted some weird in the logs A total of 2 sites probed the server 122.255.96.164 85.88.195.35 A total of 3 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit): /?file=../../../../../../proc/self/environ%00 HTTP Response 200 /?mod=../../../../../../proc/self/environ%00 HTTP Response 200 /?page=../../../../../../proc/self/environ%00 HTTP Response 200 I have since blocked those ip with iptables. But now I want to know if there is a script that I can run that automatically block suspected malicious ip's or do I just have baby sit the server and keep a closer eye on the logs. Jeff Jeffrey Dean Moncrieff Moncrieff consulting IT Vancouver/Ottawa Cell (613)298-6493 [email protected] _______________________________________________ Linux mailing list [email protected] http://oclug.on.ca/mailman/listinfo/linux
