From: mad.scientist.at.large@tutanota.com
To: Gentoo User <gentoo-user@lists.gentoo.org>
Subject: Re: [gentoo-user] preventing some IP's from from being logged in apache
Date: Tue, 12 Jan 2021 05:15:09 +0100 (CET)
Message-ID: <MQonUmi--3-2@tutanota.com>
In-Reply-To: <25a8a0f0-41d9-6548-8ea5-845d8f2bf27c@sys-concept.com>



--"Fascism begins the moment a ruling class, fearing the people may use their political democracy to gain economic democracy, begins to destroy political democracy in order to retain its power of exploitation and special privilege." Tommy Douglas




Jan 11, 2021, 17:09 by thelma@sys-concept.com:

> On 1/11/21 5:00 PM, thelma@sys-concept.com wrote:
>
>> On 1/11/21 4:41 PM, Michael wrote:
>>
>>> On Monday, 11 January 2021 23:05:55 GMT thelma@sys-concept.com wrote:
>>>
>>>> I've one persistent user (Russian IP) that is populating my apache log
>>>> files.
>>>>
>>>> I tried 00_mod_log_config.conf
>>>>
>>>> SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog
>>>> CustomLog /var/log/apache2/deflate_log deflate env=!dontlog
>>>> CustomLog /var/log/apache2/access_log common env=!dontlog
>>>>
>>>> But I still see this IP in my access_log.
>>>>
>>>
>>> If it is the same IP address persistently attacking the server, I would be 
>>> tempted to block it, or the whole /24 subnet it belongs to, at the perimeter 
>>> firewall.  Of course, persistent actors will hop off another IP address, so 
>>> there are diminishing returns in this game.
>>>
>>
>> I did block this IP and it is working 
>> Require not ip 45.93.201.0/24
>>
>> I hardly resolve to blocking IP from log files, but if they try to ping/access your network 4 or 5 per second your log files will tend to grow. 
>> SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog
>> didn't work.
>>  
>> Just today from about 7am to 4pm about 96K pings from this IP.
>>
>
> I forgot to mention, my firewall doesn't have any capabilities to enter any configuration in IP tables. 
> Maybe I'll look for one that does. 
>
That would be the thing to do.  You want everything logged, so you know what is happening.  If you blocked the logging, how would you know if they made progress?  You want to know when people are trying to break in, and you want to know when their tactics change.  Not logging it is like plugging your ears and closing your eyes while the battering ram is pounding your door...
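
Added example, not part of the original message or thread: one way to keep full logging and still see at a glance which client is flooding the log and whether its behaviour changes. It assumes the Apache "common" log format used in the quoted CustomLog line; the function name `summarize`, the `burst` threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_network

# Apache "common" format: host ident user [time] "request" status bytes
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+$')

# Constructed sample lines for illustration, not taken from the poster's logs.
SAMPLE = """\
45.93.201.104 - - [11/Jan/2021:07:00:01 +0000] "GET / HTTP/1.1" 403 199
45.93.201.104 - - [11/Jan/2021:07:00:01 +0000] "GET / HTTP/1.1" 403 199
45.93.201.104 - - [11/Jan/2021:07:00:01 +0000] "GET / HTTP/1.1" 403 199
45.93.201.104 - - [11/Jan/2021:07:00:01 +0000] "GET / HTTP/1.1" 403 199
45.93.201.104 - - [11/Jan/2021:07:00:02 +0000] "POST /login HTTP/1.1" 403 199
192.0.2.10 - - [11/Jan/2021:07:00:02 +0000] "GET /index.html HTTP/1.1" 200 5120
"""

def summarize(lines, burst=4):
    """Per-client totals, peak requests per second, status mix and paths."""
    seen = defaultdict(lambda: {"per_sec": Counter(), "status": Counter(), "paths": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in common format
        host, stamp, request, status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        entry = seen[host]
        entry["per_sec"][when] += 1
        entry["status"][status] += 1
        parts = request.split()
        entry["paths"].add(parts[1] if len(parts) > 1 else request)
    report = {}
    for host, entry in seen.items():
        peak = max(entry["per_sec"].values())
        try:  # the /24 discussed in the thread; meaningful for IPv4 clients
            subnet = str(ip_network(f"{host}/24", strict=False))
        except ValueError:
            subnet = None  # host was logged as a name, not an address
        report[host] = {"total": sum(entry["per_sec"].values()), "peak_per_sec": peak,
                        "noisy": peak >= burst, "subnet": subnet,
                        "status": dict(entry["status"]), "paths": sorted(entry["paths"])}
    return report

if __name__ == "__main__":
    for host, row in summarize(SAMPLE.splitlines()).items():
        print(host, row)
```

A new path or a status other than 403 showing up for a client already flagged as noisy is the kind of change in tactics that would be invisible if those requests were excluded from the log.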

