to ossec-list
Below is a message I received from OSSEC that is obviously someone
trying to scan for database management tools. Fortunately I don't use
any on the address they were scanning, but I'd like to be able to have
OSSEC automatically block that IP's attempts. Can HTTP requests block
IPs using hosts.deny?
OSSEC HIDS Notification.
2011 May 07 03:17:27
Received From: (host) xxx.xxx.xxx.xxx->/var/log/httpd/access_log
Rule: 31151 fired (level 10) -> "Mutiple web server 400 error codes
from same source ip."
Portion of the log(s):
to ossec...@googlegroups.com
You could also try using the route-null/null-route script to drop offending IPs. I find this less "intrusive" and complicated versus dealing with iptables.
treydock
May 7, 2011, 6:42:39 PM
to ossec-list
The route-null idea might be best for me as I don't use IPtables
regularly. How could I use route-null with the configuration Frank
provided?
Thanks
- Trey
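An added example, not part of the thread: one way to bind OSSEC's route-null active response to rule 31151 from the alert above. Frank's configuration is not shown on this page, so this is a generic ossec.conf fragment; the 600-second timeout and the whitelisted address are assumed values.

```xml
<!-- Fragment for ossec.conf on the OSSEC server, inside <ossec_config>. -->

<global>
  <!-- Never null-route your own management or monitoring hosts.
       192.0.2.10 is a constructed placeholder address. -->
  <white_list>192.0.2.10</white_list>
</global>

<!-- Command definition. A stock ossec.conf normally already contains
     this block; do not define it twice. -->
<command>
  <name>route-null</name>
  <executable>route-null.sh</executable>
  <expect>srcip</expect>
  <timeout_allowed>yes</timeout_allowed>
</command>

<!-- Run route-null on the agent that reported the event whenever
     rule 31151 (multiple web server 400 errors from one source IP) fires. -->
<active-response>
  <command>route-null</command>
  <location>local</location>
  <rules_id>31151</rules_id>
  <!-- Assumed value: remove the null route after 10 minutes. -->
  <timeout>600</timeout>
</active-response>
```

Restart OSSEC after editing so the manager and agents pick up the change; swapping `route-null` for `host-deny` (executable `host-deny.sh`) gives the hosts.deny behaviour asked about in the first message, which only affects services that honour TCP wrappers.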
Jeremy Lee
May 7, 2011, 6:50:12 PM