Re: [SLUG] weird web site viewer

From: Eben King (eben1@tampabay.rr.com)
Date: Wed Apr 19 2006 - 09:34:12 EDT


On Wed, 19 Apr 2006, steve szmidt wrote:

> On Wednesday 19 April 2006 01:41, Eben King wrote:
>> I have a small, personal web site, served using thttpd (I said it was
>> small). I run it on port 81, to avoid the IIS attack du jour.
>>
>> There is one machine that's made about 300 hits since 13/Apr/2006:11:47:57,
>> often hitting the same page dozens of times in a row, with 8-60 seconds
>> between hits. His hits stop coming in the evening and resume in the early
>> afternoon. What's the deal here? How can I cut him off, using e.g.
>> hosts.deny or similar (I already have ALL : ALL in there)?
>
> You are using the built-in firewall, are you not?

No, but good point; I could block him at the router (if the router's halfway
decent).

> If it's always on the same IP you can add an entry like DROP. Though I'd be
> curious about what he's doing. Have you tried recording the traffic and
> inspecting what he's doing?

I have thttpd.log; is that sufficient?

> Playing nice is important for those who have various legit, or should I say
> important, traffic moving through. Then you want to pay more attention to
> your equipment working standardly with others. For a home setup where you
> don't really care and are more concerned about security you can use DROP and
> disappear.

Noted, thanks.

-- 
-eben    ebQenW1@EtaRmpTabYayU.rIr.OcoPm    home.tampabay.rr.com/hactar
SCORPIO:  Get ready for an unexpected trip when you fall screaming
from an open window.  Work a little harder on improving your low self
esteem, you stupid freak.  -- Weird Al, _Your Horoscope for Today_
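
An added example, not part of the original message or of thttpd: one way to summarise, per client, the pattern discussed in the thread (hit count, seconds between hits, same-page runs, hours of activity) from an access log. It assumes the log holds Common Log Format style lines; the sample lines, the `summarize` helper and the one-hour `SESSION_BREAK` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (documentation-range addresses), not taken from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Apr/2006:13:02:00 -0400] "GET /photos.html HTTP/1.0" 200 5120
192.0.2.10 - - [13/Apr/2006:13:02:08 -0400] "GET /photos.html HTTP/1.0" 200 5120
192.0.2.10 - - [13/Apr/2006:13:02:40 -0400] "GET /photos.html HTTP/1.0" 200 5120
192.0.2.10 - - [13/Apr/2006:13:03:40 -0400] "GET /photos.html HTTP/1.0" 200 5120
192.0.2.10 - - [13/Apr/2006:13:04:10 -0400] "GET /index.html HTTP/1.0" 200 1043
192.0.2.77 - - [13/Apr/2006:15:00:00 -0400] "GET /index.html HTTP/1.0" 200 1043
this line is malformed and is skipped
192.0.2.10 - - [14/Apr/2006:12:55:00 -0400] "GET /photos.html HTTP/1.0" 200 5120
192.0.2.10 - - [14/Apr/2006:12:55:30 -0400] "GET /photos.html HTTP/1.0" 200 5120
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+')
SESSION_BREAK = 3600  # assumed: a gap over an hour starts a new visit

def summarize(log_text):
    """Per client: hits, visits, in-visit gap range, longest same-URL run, hours seen."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # skip lines that are not access records
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            hits[m.group(1)].append((ts, m.group(3)))
    report = {}
    for ip, rows in hits.items():
        rows.sort()
        gaps, visits, run, longest = [], 1, 1, 1
        for (t0, u0), (t1, u1) in zip(rows, rows[1:]):
            gap = int((t1 - t0).total_seconds())
            if gap > SESSION_BREAK:
                visits += 1          # overnight pause: count a new visit
            else:
                gaps.append(gap)     # spacing between hits inside one visit
            run = run + 1 if u1 == u0 else 1
            longest = max(longest, run)
        report[ip] = {"hits": len(rows), "visits": visits,
                      "min_gap": min(gaps, default=None),
                      "max_gap": max(gaps, default=None),
                      "longest_same_url_run": longest,
                      "hours": sorted({t.hour for t, _ in rows})}
    return report

if __name__ == "__main__":
    for ip, stats in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, stats)
```

An access log of this kind records only the request line, status and size of each hit, so the summary characterises timing and targets rather than what was sent on the wire.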