Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Cannot deny access to these addresses! |
|
| Author |
|
simoon
Joined: 19 Sep 2007
Posts: 6
|
 Posted: Thu 20 Sep '07 4:38 Post subject: Cannot deny access to these addresses! |
 |
|
I found in my Apache2 access.log that these IP mostly from China keep "GET" "Post" a /discuz/ directory that is not exit on my server. Even I use .htaccess to deny all and allow none, they are still able to leave 3000 lines of log overnight. How are they able to get access and what should I do to block them out?
Following is some of the log look like.
116.24.119.219 - "" [20/Sep/2007:02:45:00 +0800] "POST /discuz/hk_4everlove/register.php?regsubmit=yes HTTP/1.0" 401 489 "ht$
238.17.36.59.broad.dg.gd.dynamic.163data.com.cn - - [20/Sep/2007:02:51:15 +0800] "POST /discuz/lovedreamforum/logging.php?ac$
61.51.102.46 - "" [20/Sep/2007:02:52:04 +0800] "POST /discuz/foreverfriend/register.php?regsubmit=yes HTTP/1.0" 401 485 "htt$
215.136.61.58.broad.sz.gd.dynamic.163data.com.cn - - [20/Sep/2007:02:53:17 +0800] "GET /discuz/karen/register.php HTTP/1.1" $
222.244.237.182 - "" [20/Sep/2007:04:04:26 +0800] "POST /discuz/kelvin.bbs/register.php?regsubmit=yes HTTP/1.0" 401 485 "htt$
218.201.195.34 - - [20/Sep/2007:04:19:11 +0800] "GET /discuz/bread/register.php HTTP/1.1" 401 489 "-" "Mozilla/4.0 (compatib$
Please help me. |
|
| Back to top |
|
tdonovan
Moderator
Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA
|
| Posted: Thu 20 Sep '07 15:11 Post subject: |
|
|
Check your httpd.conf file to see if it contains an AllowOverride directive.
If AllowOverride specifies "None" - or it does not include "Limit" - then .htaccess files will have no effect.
-tom- |
|
| Back to top |
|
simoon
Joined: 19 Sep 2007
Posts: 6
|
| Posted: Fri 21 Sep '07 12:57 Post subject: |
|
|
Thank you tom
I have AllowOverride All and I am sure my deny all in .htaccess is working because I can't access my site.
You can note in the log I provided even I turn HostnameLookup On most of these logged access is an IP address. Strange. |
|
| Back to top |
|
tdonovan
Moderator
Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA
|
| Posted: Fri 21 Sep '07 14:13 Post subject: |
|
|
The response code for these requests is 401 - Unauthorized - which prompts for a username/password.
Maybe your httpd.conf is configured for authentication, i.e. it has a Require directive?
If this is the case, you could add a Satisfy All directive to your .htaccess file. This should change the response code to 403 - Forbidden.
By default, all requests (whether successful or unsuccessful) go into your access.log file.
re: "logged access is an IP address"
Most of these IP addresses do not have any DNS name. Perhaps they are spoofed IP addresses.
-tom- |
|
| Back to top |
|
simoon
Joined: 19 Sep 2007
Posts: 6
|
| Posted: Mon 24 Sep '07 3:24 Post subject: |
|
|
tdonovan
You are right, these IP are logged at the access.log when they arrived the homepage, and because they don't tried any of the username and password field, there is nothing to log into the error.log. It looks like they have gotten access but actual just stop by at the home page and leave. |
|
| Back to top |
|
|
|
|
|
|
