At the moment we see spamming mails, which are sent via the contact form, on many customer servers running a current Joomla and OS. The logs contain lines like: 117.90.137.141 – – [08/Sep/2017:20:01:37 +0200] “POST /index.php/kontakt HTTP/1.1” 302 483 “http://www.WEBSEITE.de/index.php/kontakt” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) […]
The solution from Block outdated clients won´t work with syslog-ng 3.4.2, because syslog-ng syslog-ng uses “lseek()” to get the end of /proc/net/xt_recent/something while the program() destination just starts the program. Withe the destination file you get log-entries like: Aug 29 00:00:44 mx03.schaal-24.de syslog-ng[20351]: Error suspend timeout has elapsed, attempting to […]
Here is the addition to fail2ban mit xt_recent. Fail2ban can ban ip only until the server restarts. I therefore add the bans not only in the firewall, but store them also into a mysql database. Basics I´ve created the database systemlog which containing two tables – one for the configs […]
To redirect traffic from one port, you can either use iptables PREROUTING or – if need be only tcp – also rinted. Rinetd has the advantage that the setup is simpler. You only have to adjust the settings in /etc/rinetd.conf. To redirect. http and https: #source port destination port 176.9.24.113 […]
my english version Durch mod_cband lässt sich die verfügbare Bandbreite von Apache nach verschiedenen Kriterien drosseln. Das Modul kann von http://cband.linux.pl/download/ oder auch von http://sourceforge.net/projects/cband/ heruntergeladen werden. Zum Installieren reicht wie üblich ./configure make make install Voraussetzung ist aber das APache eXtenSion tool. Die meisten Distributionen bieten mod_cband aber auch […]
Fail2ban an sich is a very handy tool to keep out potential attacking. But it is sometimes unhandly when you just want to unlock a specific ip. I had almost forgotten about the issue until I have to get a comment. 😉 I am now writing the recent entries in […]
There can be problems with the destination file. A solution can be found in the post handle xt_recent from syslog-ng. Due to numerous connects of outdated clients on my clamav-mirror (> 300,000 / day), i add single IP temporarily to the firewall. Requirements: Apache HTTP-Server syslog-ng iptables Configure Apache HTTP-Server The Access […]