tentativas de invasão no apache
Ola. Estou tendo um problema de tentativas de invasão pelo apache. Além de iptables, alguém conhece alguma forma de bloquear essas tentativas de invasão ?....estou postando o log que o ossec me enviou:
OSSEC HIDS Notification.
2008 Feb 19 12:38:15
Received From: GIA->/etc/httpd/logs/access_log
Rule: 31151 fired (level 10) -> "Mutiple web server 400 error codes from same source ip."
Portion of the log(s):
201.25.28.170 - - [19/Feb/2008:12:38:14 -0300] "PROPFIND /sistema/ HTTP/1.0" 405 443 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
201.25.28.170 - - [19/Feb/2008:12:38:15 -0300] "PROPFIND /sistema/ HTTP/1.0" 405 443 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
201.25.28.170 - - [19/Feb/2008:12:38:14 -0300] "PROPFIND /sistema/ HTTP/1.0" 405 443 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
201.25.28.170 - - [19/Feb/2008:12:38:14 -0300] "PROPFIND /sistema/ HTTP/1.0" 405 443 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
201.25.28.170 - - [19/Feb/2008:12:37:09 -0300] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 404 424 "-" "MSFrontPage/5.0"
201.25.28.170 - - [19/Feb/2008:12:37:09 -0300] "GET /_vti_inf.html HTTP/1.0" 404 410 "-" "Mozilla/2.0 (compatible; MS FrontPage 5.0)"
201.25.28.170 - - [19/Feb/2008:12:37:08 -0300] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 404 424 "-" "MSFrontPage/5.0"
201.25.28.170 - - [19/Feb/2008:12:37:08 -0300] "GET /_vti_inf.html HTTP/1.0" 404 410 "-" "Mozilla/2.0 (compatible; MS FrontPage 5.0)"
201.25.28.170 - - [19/Feb/2008:12:37:09 -0300] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 404 424 "-" "MSFrontPage/5.0"
[]'s, Renato
201.25.28.170 - - [19/Feb/2008:12:37:09 -0300] "GET /_vti_inf.html HTTP/1.0" 404 410 "-" "Mozilla/2.0 (compatible; MS FrontPage 5.0)"
