Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: spoofed IP? |
|
Author |
|
Danll
Joined: 02 Aug 2013 Posts: 49 Location: USA, Houston
|
Posted: Tue 14 Oct '14 4:50 Post subject: spoofed IP? |
|
|
In looking at my logs, I see an IP that is doing some suspicious stuff. It seems to be an IP ID'd by HoneyPot. OK, no sweat, I say, I'll just "deny" it in my .htaccess file. I do that. Ten minutes later, that same IP is on my doorstep again, and getting served by my server. Huh? I checked my "deny" command, and everything looked right.
Is this IP spoofing? If IP spoofing is happening, is my server responding correctly? That is, is a client getting into in my system with one IP, but telling my Apache server that it's another IP?
This IP has a pretty unique User Agent, so I suppose I can kill it off that way. |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
|
Posted: Tue 14 Oct '14 17:48 Post subject: |
|
|
A deny give only a 403 but does not block it entirely. Better you block it in your firewall. |
|
Back to top |
|
|
|
|
|
|