logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: spoofed IP?
Author
Danll



Joined: 02 Aug 2013
Posts: 49
Location: USA, Houston

PostPosted: Tue 14 Oct '14 4:50    Post subject: spoofed IP? Reply with quote

In looking at my logs, I see an IP that is doing some suspicious stuff. It seems to be an IP ID'd by HoneyPot. OK, no sweat, I say, I'll just "deny" it in my .htaccess file. I do that. Ten minutes later, that same IP is on my doorstep again, and getting served by my server. Huh? I checked my "deny" command, and everything looked right.

Is this IP spoofing? If IP spoofing is happening, is my server responding correctly? That is, is a client getting into in my system with one IP, but telling my Apache server that it's another IP?

This IP has a pretty unique User Agent, so I suppose I can kill it off that way.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Tue 14 Oct '14 17:48    Post subject: Reply with quote

A deny give only a 403 but does not block it entirely. Better you block it in your firewall.
Back to top


Reply to topic   Topic: spoofed IP? View previous topic :: View next topic
Post new topic   Forum Index -> Apache