Hi-te, Interesuwat me idei za twa kak da se razkarat logowete prichineni ot win-based virusi kato nimda, CodeRed i t.n. Ot twa koeto namerih po net-a - pone dosega widiah niakolko neshta: 1. Apache::Nimda mod perl modul ( http://www.keyslapper.org/Nimda/ )
2. prost script koito sabira IP-tata ot log-owete i gi slaga waw DENY tablicata (ipchains, iptables...) 3. w http.conf PerlModule Apache::Constants <LocationMatch "\.(ida|exe)$"> SetHandler perl-script PerlInitHandler Apache::Constants::DONE </LocationMatch> Twa 3-toto nai mi dopada, tai kato dawa wazmojnost chowek sam da si regulira kakwo iska da blokira i kade da gi prati ... Az go slojih waw httpd.conf - i zabeliazah che apache-to se darji razlichno kogato iskash da dokopash exe ili ida file - no wse pak apache-to i snort palniat logowete (edinia za nenameren file - drugia za security alert). 2-ria wariant e twa koeto polzwam w momenta - no lista na blokiranite IP-ta se uwelichawa wseki den sas sredno mejdu 2 i 4 IP-ta - ako taka warwi skoro waw iptables shte imam stotici zabraneni IP-ta. Az gi zabraniawam samo kam 80-ti port de ... 1-wia wariant mai ne e totalno losh - no togawa shte triabwa da se barka w modula za wseki nowoizlupen (neshto chesto sreshtano w dneshno wreme) win-based virus. Pozdrawi, Emo =========================================================================== A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers) http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
