[Dshield] Help Request

Rob Webb PacketHunter at comcast.net
Mon May 16 00:02:19 GMT 2005


Glenn,

I have not seen a /255 syntax used.  This most likely needs to be a /8 which
would represent a 255.0.0.0 subnet mask.
A /15 would be 255.254.0.0
A /14 would be 255.252.0.0

 


--Rob 


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Glenn Jarvis
Sent: Sunday, May 15, 2005 6:07 PM
To: list at lists.dshield.org
Subject: [Dshield] Help Request

Hi all,
I never had to use this specific method before, but due to circumstances
beyond my control and I really don't wish to explain the whole thing... it
would takes pages, I need to add ip blocking to my .htaccess file. I think I
had the format correct, but when I try it , I get a 500 internal server
error.
Here's an example....


<Files 403.shtml>
order allow,deny
allow from all
</Files>


deny from 218.0.0.0/255
deny from 61.0.0.0/255
deny from 203.0.0.0/255
deny from 220.0.0.0/255
deny from 211.0.0.0/255
deny from 219.0.0.0/255
deny from 64.0.0.0/255
deny from 59.0.0.0/255
Deny from 58.14.0.0/15
Deny from 58.16.0.0/14


The file is actually over 30k. I'm sure folks here will probably notice that
they are all from the Asian area. The focus is to block the pirate sites
from accessing information on my server. I'm not sure , but would the line
"allow from all" be the problem? I've searched google in hopes that there
would be an example out there showing the ip blocking method, but I couldn't
find one. My mailserver had ip blocking, but that was within the software
itself, so naturally, it's methods don't work in this area.
Your help would be greatly appreciated.
For those who may be wondering, our ecommerce partner fraud measures didn't
work on a credit card purchase of one of our products. I found it three days
later floating around pirate sites in Asia and newsgroups. Now the sites
have links to my server (for images and html
pages) posted on their sites which keeps using bandwidth. That's basically
the short version :-)


Thanks in advance
Glenn

--
Confidentiality Notice:  This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.

-------------- Sponsor Message ------------------------------------
Join us at SANSFIRE 2005 in Atlanta!
The Internet Storm Center Conference.
Details: http://www.sans.org/sansfire2005

_______________________________________________
send all posts to list at lists.dshield.org To change your subscription options
(or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list