Hacking Apache Server

[manikabedi]

I have an auction site deployed on Apache and some one is doing a telnet to my server on port 80 and doing GET and POST. As a result my server stops working.

This is the text I copied it from log files.
211.147.1.82 - - [02/Sep/2003:08:59:31 +0100] "GET / HTTP/1.1" 400 380
211.147.1.82 - - [02/Sep/2003:08:59:43 +0100] "POST / HTTP/1.1" 500 604

Please help!!!!!!!!!

 

[Wullie]

Short term - Block the IP address at your firewall.

Wullie

http://www.necomputers.org.uk

http://www.freshlookdesign.co.uk

http://www.freshlookdesign.com

http://www.whiland.co.uk

The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell

 

[Morsing]

How on earth can this stop your server from working?

Cheers

Henrik Morsing
Certified AIX 4.3 Systems Administration
& p690 Technical Support

 

[HondaSir]

disable telnet access

 

[Tracey]

I have the same problem, only the user is obviously on modem (differing ip addresses)

I do not have telnet enabled, surely this is why it is being logged in error.log?

does anyone have a real solution to this?

Tracey
Remember... True happiness is not getting what you want...

Its wanting what you have got!

 

[manikabedi]

The person who telnets my server sends POST requests, which causes and internal server error. This is what I got from log files:

211.147.1.82 - - [02/Sep/2003:08:59:31 +0100] "GET / HTTP/1.1" 400 380
211.147.1.82 - - [02/Sep/2003:08:59:43 +0100] "POST / HTTP/1.1" 500 604

You can see , the http status code, 400 - means it is a bad request; 500 - means it is Internal server error.

 

[danielhozac]

Internal server errors causes your webserver to crash? What OS are you on?

//Daniel

 

[tarn]

You could probably trap the GET||POST / and do a redirect to some other page or why not change your 400 and 500 responces to be a polite message like "Please check that you have requested a valid rescorce, NOW GO AWAY!"

See your httpd.conf for more on 400, 404, 500 error handeling.

But I would suggest that if a 500 crashes your server then you have a rather more serious problem than a simple rouge user.

Good Luck,
Laurie.