2

I'm receiving too many requests on my server from different ip addresses. I discovered, watching apache access.log, that all these ip addresses are requesting a specific file (teXeFe.php). I'd like to block the access to all these ip addresses. How can I do it?

Improve this question

2 Answers 2

Reset to default
6

How about using the iptables string match ?

Something like, 

iptables -I INPUT 1 -m string --algo bm --string "teXeFe.php" -j DROP

I inserted the rule at position one just for testing since I had other rules that matched before this one if it was insterted furhter down the chain. Anyway, you get the concept. You could also be a little more specific in the rule (including the GET /full/url/path etc).

Here is page describing the string-matching filter,
- http://spamcleaner.org/en/misc/w00tw00t.html

And here's another stackoverflow-question about it,
- iptable rule to drop packet with a specific substring in payload

Hope that helps!

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

The provided solution did not work for me. Here is what did:

iptables -A INPUT -p tcp -m string --string "/path/to/file.php" --algo kmp -j REJECT
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.