Ola. Estou tendo um problema de tentativas de invasão pelo apache. Além de iptables, alguém conhece alguma forma de bloquear essas tentativas de invasão ?....estou postando o log que o ossec me enviou:
OSSEC HIDS Notification.
2008 Feb 19 12:38:15
Received From: GIA->/etc/httpd/logs/access_log
Rule: 31151 fired (level 10) -> "Mutiple web server 400 error codes from same source ip."
Portion of the log(s):
201.25.28.170 - - [19/Feb/2008:12:38:14 -0300] "PROPFIND /sistema/ HTTP/1.0" 405 443 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
201.25.28.170 - - [19/Feb/2008:12:38:15 -0300] "PROPFIND /sistema/ HTTP/1.0" 405 443 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
201.25.28.170 - - [19/Feb/2008:12:38:14 -0300] "PROPFIND /sistema/ HTTP/1.0" 405 443 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
201.25.28.170 - - [19/Feb/2008:12:38:14 -0300] "PROPFIND /sistema/ HTTP/1.0" 405 443 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
201.25.28.170 - - [19/Feb/2008:12:37:09 -0300] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 404 424 "-" "MSFrontPage/5.0"
201.25.28.170 - - [19/Feb/2008:12:37:09 -0300] "GET /_vti_inf.html HTTP/1.0" 404 410 "-" "Mozilla/2.0 (compatible; MS FrontPage 5.0)"
201.25.28.170 - - [19/Feb/2008:12:37:08 -0300] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 404 424 "-" "MSFrontPage/5.0"
201.25.28.170 - - [19/Feb/2008:12:37:08 -0300] "GET /_vti_inf.html HTTP/1.0" 404 410 "-" "Mozilla/2.0 (compatible; MS FrontPage 5.0)"
201.25.28.170 - - [19/Feb/2008:12:37:09 -0300] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 404 424 "-" "MSFrontPage/5.0"
[]'s, Renato
201.25.28.170 - - [19/Feb/2008:12:37:09 -0300] "GET /_vti_inf.html HTTP/1.0" 404 410 "-" "Mozilla/2.0 (compatible; MS FrontPage 5.0)"