Hello, If you know this IP you can block it using firewall rules. It is possible to reject this traffic and next time attacker be blocked by router not you host. In this case stop traffic as early as possible is not bad strategy.
Many thanks, Serge +380 636150445 skype: skhohlov On Wed, Jun 19, 2013 at 3:26 AM, MattDale <mattdalesm...@gmail.com> wrote: > Thanks for the reply. I had no idea things like munin or graphite existed. > Graphite looks really interesting. > > I'm honestly worried because I feel that since I'm new to setting up > Apache servers that I can make a mistake that may be detrimental to my > company's network and information. Our system is monitored by an external > IT company, so that puts me slightly more at ease, but I still don't feel > too comfortable about my current config. > > I added the two suspect IP addresses to exclude in the virtual host > definition. > This is more of an Apache config issue, so I won't continue it on the list > but if there is anyone in the NYC area that would be willing to help for > this one-off config, we can discuss rates etc off list. > > Thanks again for the reply > > > On Tuesday, June 18, 2013 6:26:06 PM UTC-4, jjmutumi wrote: > >> If they are requesting urls that do not exist why are you worried? Just >> block that IP address in the >> vhost configuration and continuously monitor the server for strange or >> unexpected traffic. >> >> You can look into something like munin or graphite. >> >> >> On Tue, Jun 18, 2013 at 8:26 PM, MattDale <mattda...@gmail.com> wrote: >> >>> I've been using windows/django1.4/apache2.2 for a couple intranet apps >>> and it has been working well. I recently had our admin open up a port in >>> our firewall to deploy another app publicly. We weren't using the app and >>> there were issues when testing, since both the admin and myself are newbies >>> to deploying publicly with Apache with SSL. So we left the server as is and >>> tested UX for this app on an external host. We installed a new system wide >>> firewall last week which the admin thought would help with our issues so I >>> went to do some server prep today to bring the app on an internal server >>> again. >>> >>> A check of the access logs found a specific external IP address hitting >>> the server every 1/4 second with strange URLs that look to be commonly used >>> php urls since June 7,2013. It has been getting hit for DAYs and I just >>> wasn't monitoring the server. Each of the requests either 302'd or 404'd >>> and there are thousands of them. I stopped the server, and sent an email >>> to the admin to close that port down. >>> >>> Since neither I nor the system admin know much about deploying, is there >>> anywhere I can look to hire someone to help get this app deployed safely? >>> Our policies require SSL and we are willing to use other OS or servers, >>> we just need someone who knows what they are doing. >>> >>> We are in the NYC vicinity. >>> >>> Thanks, >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Django users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to django-users...@**googlegroups.com. >>> To post to this group, send email to django...@googlegroups.com. >>> >>> Visit this group at >>> http://groups.google.com/**group/django-users<http://groups.google.com/group/django-users> >>> . >>> For more options, visit >>> https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> >>> . >>> >>> >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To post to this group, send email to django-users@googlegroups.com. > Visit this group at http://groups.google.com/group/django-users. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. For more options, visit https://groups.google.com/groups/opt_out.
