I watch the connections by
Code:
tail -f /var/log/apache2/access.log
Code:
netstat -ta
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:nfs *:* LISTEN
tcp 0 0 *:swat *:* LISTEN
tcp 0 0 *:34310 *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:41483 *:* LISTEN
tcp 0 0 *:netbios-ssn *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 bitch.local:http-alt 61.149.211.48:4027 SYN_RECV
tcp 0 0 *:auth *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 *:42936 *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 *:microsoft-ds *:* LISTEN
tcp 0 0 bitch.loca:microsoft-ds titan.local:3878 ESTABLISHED
tcp 0 0 bitch.local:50439 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.local:50429 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.local:54362 207.114.197.72:www TIME_WAIT
tcp 0 0 bitch.local:40993 brwapp10.mpire.com:www TIME_WAIT
tcp 0 0 bitch.local:33048 209-250-234-186.ip.:www TIME_WAIT
tcp 0 0 bitch.local:33047 209-250-234-186.ip.:www TIME_WAIT
tcp 0 0 bitch.local:40997 brwapp10.mpire.com:www TIME_WAIT
tcp 0 0 bitch.local:34875 a.tribalfusion.com:www TIME_WAIT
tcp 0 0 bitch.local:50474 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.loca:microsoft-ds titan.local:4059 ESTABLISHED
tcp 0 0 bitch.local:38626 ad1.p3.vip.rm.sp1.y:www ESTABLISHED
tcp 0 0 bitch.local:50528 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.local:46403 media6.snv.vcmedia.:www TIME_WAIT
tcp 0 0 bitch.local:33048 209-250-234-186.ip.:www TIME_WAIT
tcp 0 0 bitch.local:33047 209-250-234-186.ip.:www TIME_WAIT
tcp 0 0 bitch.local:54380 207.114.197.72:www TIME_WAIT
tcp 0 0 bitch.local:40997 brwapp10.mpire.com:www TIME_WAIT
tcp 0 0 bitch.local:50540 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.local:34875 a.tribalfusion.com:www TIME_WAIT
tcp 2896 0 bitch.local:60460 ip67-88-217-231.z21:www ESTABLISHED
tcp 0 0 bitch.local:54393 207.114.197.72:www TIME_WAIT
tcp 0 0 bitch.local:50474 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.loca:microsoft-ds titan.local:4059 ESTABLISHED
tcp 0 0 bitch.local:54348 207.114.197.72:www TIME_WAIT
tcp 0 0 bitch.local:41780 www.clickboothlnk.c:www TIME_WAIT
tcp 0 0 bitch.local:56484 66.179.234.169:www TIME_WAIT
tcp 0 0 bitch.local:45742 cf-in-f147.google.c:www TIME_WAIT
tcp 0 0 bitch.local:50523 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.local:38576 ad1.p3.vip.rm.sp1.y:www TIME_WAIT
tcp 0 0 bitch.local:41817 rd6.apmebf.com:www TIME_WAIT
tcp 0 0 bitch.local:50464 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.local:50536 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.local:38677 ad1.p3.vip.rm.sp1.y:www TIME_WAIT
tcp 0 0 bitch.local:46487 media6.snv.vcmedia.:www TIME_WAIT
tcp 0 0 bitch.local:38490 lax-agg-n14.panther:www TIME_WAIT
tcp 0 0 bitch.local:52755 integraclick.wip.di:www TIME_WAIT
tcp 0 0 bitch.local:50448 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.local:56372 207.114.197.71:www TIME_WAIT
tcp 0 0 bitch.local:38490 lax-agg-n14.panther:www TIME_WAIT
tcp 0 0 bitch.local:52755 integraclick.wip.di:www TIME_WAIT
tcp 0 0 bitch.local:50448 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.local:56372 207.114.197.71:www TIME_WAIT
tcp 0 0 bitch.local:33105 209-250-234-186.ip.:www TIME_WAIT
tcp 0 0 bitch.local:56427 207.114.197.94:www TIME_WAIT
tcp 0 0 bitch.local:33025 209-250-234-186.ip.:www TIME_WAIT
tcp 0 0 bitch.local:42478 cf-in-f127.google.c:www TIME_WAIT
tcp 0 0 bitch.local:56360 207.114.197.71:www TIME_WAIT
tcp 0 0 bitch.local:41053 brwapp10.mpire.com:www TIME_WAIT
tcp 0 0 bitch.local:50591 64.27.17.205:www TIME_WAIT
tcp 0 0 bitch.local:45434 74-203-60-109.stati:www TIME_WAIT
tcp6 0 0 [::]:http-alt [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 192.168.1.103%:http-alt 125.65.112.138%308:1678 ESTABLISHED
tcp6 0 0 192.168.1.103%:http-alt 58.55.82.117%30867:3436 ESTABLISHED
tcp6 0 0 192.168.1.103%:http-alt 58.55.82.117%30867:3572 FIN_WAIT2
tcp6 0 0 192.168.1.103%:http-alt 125.65.112.138%308:3403 ESTABLISHED
tcp6 0 0 192.168.1.103%:http-alt 125.65.112.135%308:2924 TIME_WAIT
tcp6 0 0 192.168.1.103%:http-alt 58.55.82.117%30867:1582 FIN_WAIT2
tcp6 0 0 192.168.1.103%:http-alt 125.65.112.138%308:4059 TIME_WAIT
tcp6 0 0 192.168.1.103%:http-alt 60.215.111.31%308:59084 TIME_WAIT
tcp6 0 0 192.168.1.103%:http-alt 222.90.191.21%3086:4406 TIME_WAIT
tcp6 0 0 192.168.1.103%:http-alt 125.65.112.138%308:3644 TIME_WAIT
tcp6 0 0 192.168.1.103%:http-alt 222.90.191.21%3086:2189 TIME_WAIT
tcp6 0 0 192.168.1.103%:http-alt 125.65.112.138%308:2900 ESTABLISHED
tcp6 0 0 192.168.1.103%:http-alt 143.109.56.59.bro:63750 ESTABLISHED
tcp6 0 0 192.168.1.103%:http-alt 58.55.82.117%30867:1677 FIN_WAIT2
tcp6 0 0 192.168.1.103%:http-alt 125.65.112.135%308:1226 TIME_WAIT
tcp6 0 584 192.168.1.103%8191:ssh 66-126-189-162.ce:10583 ESTABLISHED
tcp6 0 0 192.168.1.103%:http-alt 125.65.112.138%308:1147 TIME_WAIT
tcp6 0 0 192.168.1.103%:http-alt 158.111.56.59.bro:61815 ESTABLISHED
tcp6 0 0 192.168.1.103%:http-alt 143.109.56.59.bro:63073 TIME_WAIT
This is what my log file is full of:
Code:
68.188.181.163 - - [28/Aug/2008:13:40:00 -0700] "GET http://adserving.cpxinteractive.com/st?ad_type=pop&ad_size=0x0&section=256058&banned_pop_types=29&pop_times=1&pop_frequency=86400 HTTP/1.1" 200 4225 "http%3A%2F%2Fwww.megafast.info%2Findex.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
68.188.181.163 - - [28/Aug/2008:13:40:00 -0700] "GET http://adserving.cpxinteractive.com/st?ad_type=pop&ad_size=0x0&section=256058&banned_pop_types=29&pop_times=1&pop_frequency=86400 HTTP/1.1" 200 4224 "http%3A%2F%2Fwww.megafast.info%2Findex.html" "Mozilla/4.76 [en] (X11; U; SunOS 5.7 sun4u)"
69.20.123.148 - - [28/Aug/2008:13:40:00 -0700] "GET http://ad.adserverplus.com/st?ad_type=pop&ad_size=0x0&section=289946&banned_pop_types=29&pop_times=1&pop_frequency=86400 HTTP/1.1" 200 4225 "http%3A%2F%2Fwww.vafq.com%2Findex.html" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; (R1 1.5))"
70.184.245.196 - - [28/Aug/2008:13:40:00 -0700] "GET http://adserving.cpxinteractive.com/rw?title=New%20offer%21&qs=iframe3%3FoNFKABenBACKpQwA%2DDcEAAIAAAAAAP8AA%3D%2C%2Chttp%3A%2F%2Fwww%2Esecommission%2Ecom%2Findex%2Ehtml HTTP/1.1" 200 560 "http%3A%2F%2Fwww.secommission.com%2Findex.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2; TencentT"
59.56.109.143 - - [28/Aug/2008:13:40:00 -0700] "GET http://a.tribalfusion.com/jr.ad?site=educationatlas&adSpace=ros&tagKey=3973172069&size=728x90|468x60&p=15944259&a=1&flashVer=0&ver=1.14&center=1&url=http%3A%2F%2Fwww.education-atlas.org%2F&rnd=15952700 HTTP/1.0" 200 1375 "http://www.education-atlas.org/" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
59.56.111.158 - - [28/Aug/2008:13:40:00 -0700] "GET http://ad.yieldmanager.com/iframe3?q8FPALemBADvAA0A-08EAAIAAAAAAP8AAAAFDgIAAgNfDQYAbE0DAKxvBgAAAAAA//www.mobilemastee.com/ HTTP/1.0" 200 1074 "http://optimizedby.rmxads.com/st?ad_type=iframe&ad_size=300x250&section=304823" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
69.20.123.148 - - [28/Aug/2008:13:40:00 -0700] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=289946&_salt=3871810475&B=2&u=http%3A%2F%2Fwww.vafq.com%2Findex.html HTTP/1.1" 200 6649 "http%3A%2F%2Fwww.vafq.com%2Findex.html" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; (R1 1.5))"
::1 - - [28/Aug/2008:13:40:01 -0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-3 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_perl/2.0.4 Perl/v5.10.0 (internal dummy connection)"
68.188.181.163 - - [28/Aug/2008:13:40:01 -0700] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=256058&_salt=1928825373&B=2&u=http%3A%2F%2Fwww.megafast.info%2Findex.html HTTP/1.1" 200 6663 "http%3A%2F%2Fwww.megafast.info%2Findex.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
69.20.123.148 - - [28/Aug/2008:13:40:01 -0700] "GET http://ad.adserverplus.com/rw?title=&qs=iframe3%3Fks9PAJpsBABswwsAIDECAAIAAAAAAP8AAAAFD%3D%2C%2Chttp%3A%2F%2Fwww%2Evafq%2Ecom%2Findex%2Ehtml HTTP/1.1" 200 542 "http%3A%2F%2Fwww.vafq.com%2Findex.html" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; (R1 1.5))"
68.188.181.163 - - [28/Aug/2008:13:40:01 -0700] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=256058&_salt=224375794&B=2&u=http%3A%2F%2Fwww.megafast.info%2Findex.html HTTP/1.1" 200 6681 "http%3A%2F%2Fwww.megafast.info%2Findex.html" "Mozilla/4.76 [en] (X11; U; SunOS 5.7 sun4u)"
221.2.225.234 - - [28/Aug/2008:13:40:01 -0700] "GET http://ad.media-servers.net/st?ad_type=ad&ad_size=120x600&section=267069 HTTP/1.0" 200 4159 "http://www.it2net.com/software/softgrp.htm" "Mozilla/4.76 (Macintosh; U; PPC)"
68.188.181.163 - - [28/Aug/2008:13:40:01 -0700] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=256058&_salt=2233512953&B=2&u=http%3A%2F%2Fwww.megafast.info%2Findex.html HTTP/1.1" 200 6663 "http%3A%2F%2Fwww.megafast.info%2Findex.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)"
::1 - - [28/Aug/2008:13:40:02 -0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.9 (Debian) PHP/5.2.6-3 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_perl/2.0.4 Perl/v5.10.0 (internal dummy connection)"
68.188.181.163 - - [28/Aug/2008:13:40:02 -0700] "GET http://adserving.cpxinteractive.com/rw?title=&qs=iframe3%3FahM7ADroAwAaeA8AYF8EAAIAAAAAAP8AAAAF%2E%2E%2E8fUJek5z8AgNrQpMPhP%2E%2E%2Eb23Ts%2EM%2EAAAAAAAAAAD%2E%2Ez%2EnGUX6PwAAAAAAAAAAAAAAAAAAAAAAAAAAAA%3D%2C%2Chttp%3A%2F%2Fwww%2Emegafast%2Einfo%2Findex%2Ehtml HTTP/1.1" 200 547 "http%3A%2F%2Fwww.megafast.info%2Findex.html" "Mozilla/4.76 [en] (X11; U; SunOS 5.7 sun4u)"
68.188.181.163 - - [28/Aug/2008:13:40:03 -0700] "GET http://adserving.cpxinteractive.com/rw?title=&qs=iframe3%3FahM7ADroAwBPAgwA268DAAIAAAAAAP8AAAAA%3D%2C%2Chttp%3A%2F%2Fwww%2Emegafast%2Einfo%2Findex%2Ehtml HTTP/1.1" 200 547 "http%3A%2F%2Fwww.megafast.info%2Findex.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)"
I've tried setting up LIMIT directives in .htaccess but that doesn't do it. I've read the links off Google that talk about mod_rewrite and I've added the generic stuff to my .htaccess files, but no go.
So what are my options to limit this? Can I add information to my /etc/hosts.allow and /etc/hosts.deny to only allow certain IPs to access the machine, and would this work? And if so, how would I properly set it up?
Side note: the machine is a dev box that I use for testing when I'm at home and it sits in my closet. When I am at work I like to use it for other ... "purposes".
Any help is greatly appreciated.
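
Added example (not part of the original post): the log excerpt above shows request lines whose target is a full URL on a third-party host (`GET http://ad.yieldmanager.com/...`) answered with status 200, which is the form forward-proxy requests take. The Python sketch below counts such requests per client and per upstream host in a combined-format access log; the sample lines, addresses and host names (`dev.example.org`, `ads.example.net`) are constructed, and `local_hosts` is an assumed parameter for the server's own names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format prefix: client ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) '
)

def proxy_request(line, local_hosts=frozenset()):
    """Return (client, upstream_host, status) for a proxy-style request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    if m["method"] == "CONNECT":            # authority-form target: host:port
        host = m["target"].rsplit(":", 1)[0]
    elif "://" in m["target"]:              # absolute-form target: full URL
        try:
            host = urlsplit(m["target"]).hostname or ""
        except ValueError:                  # malformed URL in a hostile log line
            host = ""
    else:                                   # origin-form ("/path") or "*": normal traffic
        return None
    host = host.lower()
    if not host or host in local_hosts:     # absolute-form naming our own site is fine
        return None
    return m["client"], host, int(m["status"])

def summarize(lines, local_hosts=frozenset()):
    """Count proxy-style requests per client and upstream, plus those answered 2xx/3xx."""
    clients, upstreams, served = Counter(), Counter(), 0
    for line in lines:
        hit = proxy_request(line, local_hosts)
        if hit:
            clients[hit[0]] += 1
            upstreams[hit[1]] += 1
            served += 200 <= hit[2] < 400
    return clients, upstreams, served

# Constructed sample lines (documentation addresses, not taken from the post).
SAMPLE = [
    '203.0.113.7 - - [28/Aug/2008:13:40:00 -0700] "GET http://ads.example.net/st?ad_type=pop HTTP/1.1" 200 4225 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [28/Aug/2008:13:40:01 -0700] "GET http://ads.example.net/imp?Z=0x0 HTTP/1.1" 200 6663 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [28/Aug/2008:13:40:01 -0700] "CONNECT mail.example.com:25 HTTP/1.0" 405 - "-" "-"',
    '::1 - - [28/Aug/2008:13:40:01 -0700] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"',
    '192.0.2.10 - - [28/Aug/2008:13:40:02 -0700] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [28/Aug/2008:13:40:02 -0700] "GET http://dev.example.org/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    clients, upstreams, served = summarize(SAMPLE, {"dev.example.org"})
    print(clients.most_common(), upstreams.most_common(), served)
```

A non-zero `served` count means third-party URLs were actually fetched and returned with a success status, rather than refused.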