Hello,

On my Debian server I run at home, I notice that there are numerous attempts at trying to access some php pages or trying to use my server as a proxy. Some examples:

221.192.199.36 - - [06/Oct/2008:11:52:52 -0400] "GET http://scifi.pages.at/myproxies/azenv.php HTTP/1.1" 404 367 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

[Mon Oct 06 07:59:19 2008] [error] [client 222.187.221.113] script '/home/tmpuser/koha/opac/htdocs/prx1.php' not found or unable to stat

.. and so on (the last one is a log of Koha, the library management system).

Recently I ran a little bash script to check the country that these IP addresses belonged to and discovered they are all, *all*, so far from China. Here are some of the IP addresses:

119.5.1.129 220.170.112.139 58.17.171.149 221.5.128.66 123.134.66.34 123.145.160.70 123.145.163.184 58.17.144.28

Though I keep the machine updated and I am not running a proxy, still I would want to block the rogue IP addresses, or even better, the block of rogue IP addresses. If push comes to shove, blocking the whole of China may also be considered (it might save the number of iptables rules I would need).

Any tools to do this in Debian? What do others do in this kind of a situation? I know I can just leave it be since they are getting 404'ed, but to be extra safe (prevent a zero day attack?), blocking them might be a good idea.

Regards.
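
Added example, not part of the original message: a Python sketch that flags the two kinds of log entry quoted above and groups the listed addresses into candidate blocks for iptables. The function names, the /16 prefix and the two-host threshold are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

# The two log lines quoted in the post (Apache access log, Apache error log).
SAMPLE_LOG = """\
221.192.199.36 - - [06/Oct/2008:11:52:52 -0400] "GET http://scifi.pages.at/myproxies/azenv.php HTTP/1.1" 404 367 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
[Mon Oct 06 07:59:19 2008] [error] [client 222.187.221.113] script '/home/tmpuser/koha/opac/htdocs/prx1.php' not found or unable to stat
"""
# The addresses listed in the post.
POST_IPS = ["119.5.1.129", "220.170.112.139", "58.17.171.149", "221.5.128.66",
            "123.134.66.34", "123.145.160.70", "123.145.163.184", "58.17.144.28"]

# A request to this server normally has a path as its target ("/index.php").
# An absolute URI naming another host, or CONNECT, is a test for an open proxy.
ACCESS_PROXY = re.compile(
    r'^(\d+\.\d+\.\d+\.\d+) \S+ \S+ \[[^\]]+\] '
    r'"(?:(?:GET|POST|HEAD) https?://\S+|CONNECT \S+) HTTP/[\d.]+" (\d{3})')
# Error-log entry for a script that does not exist on this server.
ERROR_MISSING = re.compile(r"\[error\] \[client ([\d.]+)\] script '([^']+)' not found")

def probing_clients(lines):
    """Map each IPv4 client to the reasons its requests were flagged."""
    hits = {}
    for line in lines:
        m = ACCESS_PROXY.match(line)
        if m:
            hits.setdefault(m.group(1), []).append("proxy-request status=" + m.group(2))
            continue
        m = ERROR_MISSING.search(line)
        if m:
            name = m.group(2).rsplit("/", 1)[-1]
            hits.setdefault(m.group(1), []).append("missing-script " + name)
    return hits

def block_candidates(ips, prefix=16, min_hosts=2):
    """Propose a /prefix network only where min_hosts offenders share it."""
    def net_of(ip):
        return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    counts = Counter(net_of(ip) for ip in set(ips))
    chosen = {net_of(ip) if counts[net_of(ip)] >= min_hosts else ipaddress.ip_network(ip)
              for ip in ips}
    return [str(n) for n in sorted(chosen)]

def iptables_rules(networks):
    """Render DROP rules as text for review; nothing is applied."""
    return [f"iptables -A INPUT -s {n} -j DROP" for n in networks]

if __name__ == "__main__":
    for ip, why in probing_clients(SAMPLE_LOG.splitlines()).items():
        print(ip, why)
    print("\n".join(iptables_rules(block_candidates(POST_IPS))))
```

The status code is kept with each proxy-request hit because anything other than a 4xx on such a request would mean the server actually relayed it. The generated rules are a list to review before applying, since a /16 drawn from two addresses also covers many unrelated hosts.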