| 1 |
On 1/11/21 5:00 PM, thelma@×××××××××××.com wrote: |
| 2 |
> On 1/11/21 4:41 PM, Michael wrote: |
| 3 |
>> On Monday, 11 January 2021 23:05:55 GMT thelma@×××××××××××.com wrote: |
| 4 |
>>> I've one persistent user (Russian IP) that is populating my apache log |
| 5 |
>>> files. |
| 6 |
>>> |
| 7 |
>>> I tried 00_mod_log_config.conf |
| 8 |
>>> |
| 9 |
>>> SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog |
| 10 |
>>> CustomLog /var/log/apache2/deflate_log deflate env=!dontlog |
| 11 |
>>> CustomLog /var/log/apache2/access_log common env=!dontlog |
| 12 |
>>> |
| 13 |
>>> But I still see this IP in my access_log. |
| 14 |
>> |
| 15 |
>> If it is the same IP address persistently attacking the server, I would be |
| 16 |
>> tempted to block it, or the whole /24 subnet it belongs to, at the perimeter |
| 17 |
>> firewall. Of course, persistent actors will hop off another IP address, so |
| 18 |
>> there are diminishing returns in this game. |
| 19 |
> |
| 20 |
> I did block this IP and it is working |
| 21 |
> Require not ip 45.93.201.0/24 |
| 22 |
> |
| 23 |
> I hardly resolve to blocking IP from log files, but if they try to ping/access your network 4 or 5 per second your log files will tend to grow. |
| 24 |
> SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog |
| 25 |
> didn't work. |
| 26 |
> |
| 27 |
> Just today from about 7am to 4pm about 96K pings from this IP. |
| 28 |
|
| 29 |
I forgot to mention, my firewall doesn't have any capabilities to enter any configuration in IP tables. |
| 30 |
Maybe I'll look for one that does. |
Archives