Greetingz!
I've been spreading the word about blockhosts, and I've hit a bit of a snag;
I'm attempting to help someone who keeps getting the following in their Apache access_log;
www.mydomain.com||||1181||||120.140.74.198 - - [11/Sep/2010:00:06:32 -0500] "GET /.cod6xo/?action=captcha&a=get&i=45069&v=21 HTTP/1.0" 404 1181 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)"
www.mydomain.com||||1181||||67.142.166.21 - - [11/Sep/2010:00:06:29 -0500] "POST /.cod6xo/?action=fbgen&v=125&crc=669 HTTP/1.1" 404 1181 "-" "Mozilla/4.0 (compatible; MSIE 7.0; na; )"
They would like block "GET /.cod6xo/" or "POST /.cod6xo/". I've provided them a ReWriteRule, but they would very much perfer to use blockhosts, as it does a great job of watching over their ProFTPd & SSH services as well.
Thank you!
--- Signed,
Someone Who really sucks with RegExp.
Travel Travel reports, it is all about food
Montreal: Schwartz's, Le Petit Alep
Albums: Pictures and some notes
ITRANS Song Book Hindi, Urdu, Marathi song lyrics
Online ITRANS Web Interface
BlockHosts block hosts
BlockHosts FAQ
BlockHosts Forum
CD Inserts & Envelopes Web Interface
Nisha Ganatra's Films
Cake: starring Heather Graham
Email: avinash@aczoom.com
Copyright © 1995-2016 Avinash Chopde, avinash@aczoom.com
block cod6xo
Does the log really have the www.mydomain|||| characters in front of every line?
Normally, the apache log LogFormat definition in httpd.conf puts %h in front - so the IP address of remote server is first in line.
In any case, this should work, add it as per instructions in blockhosts.cfg:
"apache-cod6xo": r'.*?{HOST_IP} .*? "(GET|POST) /.cod6xo/',