Menu
▾
▴
slashcode-general
|
From: barry <sla...@i1...> - 2001-09-24 17:28:20
|
my server (like everyone's probably) is getting pounded by nimda scans. I would like to use mod_rewrite to deflect those somehow (I found some examples on the net somewhere, url not handy right now). Then I noticed that running "httpd -l "on my server showed rewrite was not one of the modules. Do I need to rebuild apache? If so how do I add mod_rewrite? Or do I just need to add a LoadModule/AddModule pair into http.conf? In case it is the latter, I noticed that my machine has neitehr rewrite.c nor rewrite.so on it - where would I get those from? Of course if someone has another suggestion for deflecting evil scanning threads, I am all ears. Thanks! Barry |
|
From: Micah Y. <yo...@ho...> - 2001-09-25 07:06:51
|
> Of course if someone has another suggestion for deflecting evil scanning > threads, I am all ears. All I did was comment out the line that enabled the 404 error page to be generated by Slash from the site's .conf file. My bandwidth usage went down dramatically after that. mod_rewrite may be a better solution though, so you can still have a "slashlike" 404 for other users. I think you probably will need to recompile Apache. The Slash instructions seem to build a pretty static httpd. As for recompiling Apache, you might want to look at my instructions here for enabling PHP: http://slashcode.com/comments.pl?sid=01/05/15/1617259&op=&threshold=0&commentsort=0&mode=thread&startat=&cid=2 and then take out all the PHP stuff and add to the Apache configure line: --activate-module=src/modules/standard/mod_rewrite.c I'm not sure if you'd need to do more than that or not, but I think that would do it. I actually played with mod_rewrite on someone else's server lately, and I think I'm intrigued enough to compile it into my own. But not right now, have better things to do. :-) -- Like to travel? http://TravTalk.org Micah Yoder Internet Development http://yoderdev.com |
|
From: <al...@ya...> - 2001-09-25 08:41:15
|
--- barry <sla...@i1...> wrote: > my server (like everyone's probably) is getting pounded by nimda scans. I > would like to use mod_rewrite to deflect those somehow (I found some > examples on the net somewhere, url not handy right now). > > Then I noticed that running "httpd -l "on my server showed rewrite was not > one of the modules. Is mod_so one of them? If so then you can add mod_rewrite as a module without rebuilding Apache. I am sure that a swift visit to www.apache.org will help you locate the mod_rewrite module. If you don't have mod_so and hence dynamic modules aren't enabled then you may wish to consider a *lightweight* apache front end which determines whenther or not the packets are genuine and passes them on to your original APache installation (running on a different port). HOWEVER how do you identify that the packet is not wanted? do you see whether it is a request for a particular directory? The general opinion on nimda on other mailing lists I am on is if you are not running at risk software then you just have to ignore the loss of bandwidth and take the hit.... > Of course if someone has another suggestion for deflecting evil scanning > threads, I am all ears. Eh? Alex ===== Alex McLintock al...@OW... Open Source Consultancy in London OpenWeb Analysts Ltd, http://www.OWAL.co.uk/ SF and Computing Book News and Reviews: http://news.diversebooks.com/ Get Your XML T-Shirt <t-shirt/> at http://www.inversity.co.uk/ ____________________________________________________________ Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie |
|
From: barry <sla...@i1...> - 2001-09-25 17:52:41
|
Thanks all for your help so far! I am adding new blocks and trying to reconfigure old ones and am seeing the following: - trying to remove freshmeat form the the index page. I changed the section for the freshmeat portald block to blank. I thought that would make it not be a default (bolded) entry on the customize homepage, but alas that is not so. It does not show up on the index page anymore, so at least that is proper behavior Any ideas why it still shows up as a default? I have restarted apache and slashd hoping that would help, but it didn't... Barry |
|
From: barry <sla...@i1...> - 2001-09-25 18:04:40
|
Nevermind - I figured it out - you have to set the ordernum = -1 Barry At 10:48 AM 9/25/2001 -0700, barry wrote: >Thanks all for your help so far! > >I am adding new blocks and trying to reconfigure old ones and am seeing >the following: > >- trying to remove freshmeat form the the index page. I changed the >section for the freshmeat portald block to blank. I thought that would >make it not be a default (bolded) entry on the customize homepage, but >alas that is not so. It does not show up on the index page anymore, so at >least that is proper behavior > >Any ideas why it still shows up as a default? > >I have restarted apache and slashd hoping that would help, but it didn't... > > >Barry > |
|
From: Dave H. <da...@da...> - 2001-09-24 17:46:14
|
barry <sla...@i1...> writes: > Do I need to rebuild apache? If so how do I add mod_rewrite? Or do I > just need to add a LoadModule/AddModule pair into http.conf? In case > it is the latter, I noticed that my machine has neitehr rewrite.c nor > rewrite.so on it - where would I get those from? Only if mod_so is loaded... > > > Of course if someone has another suggestion for deflecting evil > scanning threads, I am all ears. Check the mod_perl list archives, there's been a module doing the rounds. -- David Hodgkinson, Wizard for Hire http://www.davehodgkinson.com Editor-in-chief, The Highway Star http://www.deep-purple.com Interim Technical Director, Web Architecture Consultant for hire ---------- chmod a+x /bin/laden ---------- |
Thanks for helping keep SourceForge clean.
X