Web Development Thread, Apache Ban IPs in Coding and Web Development; An interesting one. Our Moodle implementation seems to have a fan in the Ukraine. Well when I say fan I ...
-
14th December 2009, 09:29 AM #1 Apache Ban IPs
An interesting one. Our Moodle implementation seems to have a fan in the Ukraine. Well when I say fan I mean they are constantly trying to log in as admin. It is getting atad tiresome so I am thinking of banning the IP from the webserver. I can't think of any pitfalls & I can leave it a month & then remove as hopefully they will have moved on. Only problem is my Apache mojo is weak.
I know there is a deny command that can be given to IPs but there seems to be confusion between whether it is best to do this in the .htaccess or in an over all config file. If it is the over all file I can't find which one.
Any guidance?
Ta
-
-
IDG Tech News
-
14th December 2009, 09:34 AM #2 I'd personally not do it in apache, I'd do it either on the box itself with iptables/ipfirewall or upstream preferably to take the onus off of your box completely.
But if you want to do it, you could use
deny from 1.2.3.4
in .htaccess
-
-
14th December 2009, 09:37 AM #3 I'd do this on your firewall (either iptables on the server or further upstream) to prevent other attacks like ssh.
Edit: oh, kmount types faster 
-
-
14th December 2009, 09:53 AM #4 If you want to do it at the apache level I believe the mod_security module can handle this.
and a quick google reveals this Access Control - Apache HTTP Server
-
-
14th December 2009, 10:02 AM #5 I'm glad we're not the only moodle installation to be targetted by those bots.
Bet you they're coming in on 91.212.*.* and 91.213.*.* right? 17-19 attempts, skip a couple of days and try again? I noticed it back in October.
Bizarrely, they've also started trying "eminem" as a username since December.
-
-
14th December 2009, 10:09 AM #6 
- Rep Power
- 0
block the IP's/range(s) or even the ukraine CCld *.ua depending whether the hostmask are using .ua; through iptables...
I wouldn't do it through apache because they can still attempt to access your machine!
-
-
14th December 2009, 12:28 PM #7 Yep, seems to be a constant IP of 91.213.121.24. Starting to get tempted to break out the old black Stetson & go on a rampage!
Iptables seem the way to go as I don't think I can IP ban on our core switch. Second stupid question, IPtables on Server 2003?
-
-
14th December 2009, 01:07 PM #8 
Originally Posted by
TechMonkey 
Iptables seem the way to go as I don't think I can IP ban on our core switch. Second stupid question, IPtables on Server 2003?
Windows Firewall then.
-
-
14th December 2009, 07:56 PM #9 
- Rep Power
- 0
Originally Posted by
TechMonkey Yep, seems to be a constant IP of 91.213.121.24. Starting to get tempted to break out the old black Stetson & go on a rampage!
I've had encouraging results in the past by doing a whois lookup on offending IP addresses, then sending details of the attempted break-in to the "abuse" address which should be listed. Remember, there's often a techie not unlike yourself at the other end. They will share your concerns 
-
SHARE: 
Similar Threads
-
By mrforgetful in forum How do you do....it?
Replies: 8
Last Post: Yesterday, 05:34 PM
-
By NBC_Sys_C-ord in forum School ICT Policies
Replies: 54
Last Post: 5th December 2008, 10:24 AM
-
By FN-GM in forum Windows
Replies: 3
Last Post: 14th April 2008, 03:52 AM
-
By woody in forum Wireless Networks
Replies: 13
Last Post: 22nd November 2006, 01:20 PM
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
LinkBack URL
About LinkBacks
