how to kill an IP who is browsing / download in apache server???

January 23rd, 2002, 08:52 PM
how to kill an IP who is browsing / download ??
if shutdown -r now or shutdown -h now, it is taking care "HACKER of the Notorious", but for "baby hacker". I want to kill that IP in a linux command.
I do not wish to restart httpd!!!!!!!!!!
any bright ideas are welcome!!!!
__________________
regards,
wish to use AT 89c51 single chip computer to do remote sensing and send the data back from woods to office via nokie 3330 and internet. HOW?
first I must revise C program thro' example, what's next?

January 23rd, 2002, 08:56 PM
Why this topic again? This is like the third time you've asked.
Go read about ipchains / iptables. It should be trivial to add a rule on a case-by-case basis from the command line.

January 25th, 2002, 12:48 AM
A quick iptables based solution may be something along the lines of:
Code:
iptables -A INPUT -p tcp -s the.ip.address.toblock -j REJECT --reject-with icmp-port-unreachable
That'll prevent them from connecting to any service on your box... assuming you're running linux, with iptables.
You could probably do something in an .htaccess file too... but that would only prevent connections to apache, not other services.

January 25th, 2002, 02:15 AM
First off, I don't know anything about iptables, since ipfilter is far more robust and mature.
>> REJECT --reject-with icmp-port-unreachable
That would be appropriate for udp packets. Echo reply with port-unr for TCP reveals to the other end that your port is actually open, which is an extremely bad way for any packet filter ruleset. The proper/secure way is to reply with RESET, in ipfilter, that's return-rst.
I am not sure if iptables supports dynamic rulesets. In ipfilter, I can insert a dynamic rule on the fly into my 1st rule or group, without reloading my entire static ruleset. Of course, to make it permanent, I can insert it into my /etc/ipf.rules and reload it. This could be a way to avoid a DoS attack on Apache, but it's somewhat expensive to really implement it.

January 25th, 2002, 03:08 AM
freebsd,
That's good stuff to know - I didn't realize that using port unreachable for tcp revealed that the port was open.
Yes, iptables does support dynamic rules (if we're thinking of the same thing).

January 25th, 2002, 03:21 AM
auth/ident (tcp port 113) is a good example. If your ruleset blocks it without a reply or replies with port unreachable, that doesn't stop the timeout.
The proper way is to send a TCP RESET so it doesn't time out at all. This is true for all tcp on any port (listening/not listening).

February 16th, 2002, 05:59 AM
Can you put it in a more simple and direct command, so that I can try out what you said?
I must say again I am a newbie, and despite having made a running, working site, I still have many things to learn.
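
An added example, not written by any poster in this thread: a POSIX shell helper that combines the iptables approach with the TCP RESET advice given in the replies. The names block_ip, valid_ipv4 and DRY_RUN are assumptions made for illustration, 192.0.2.10 is a documentation address, and applying the rule for real needs root.

```shell
#!/bin/sh
# Block one source address for all TCP services, answering with a TCP RST
# instead of icmp-port-unreachable, without restarting httpd.
# valid_ipv4, block_ip and DRY_RUN are hypothetical names for this example.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
# Validating first keeps stray shell text out of the iptables command line.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_ip ADDRESS
# With DRY_RUN=1 the command is printed instead of executed.
block_ip() {
    ip=$1
    if ! valid_ipv4 "$ip"; then
        echo "refusing: '$ip' is not an IPv4 address" >&2
        return 2
    fi
    spec="-p tcp -s $ip -j REJECT --reject-with tcp-reset"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables -I INPUT 1 $spec"
        return 0
    fi
    # -C tests whether the rule already exists, so repeated calls do not
    # stack duplicates.
    iptables -C INPUT $spec 2>/dev/null && return 0
    # -I INPUT 1 places the rule first, ahead of any earlier ACCEPT rules,
    # so packets from this address reach it before anything else matches.
    iptables -I INPUT 1 $spec
}

# Show the command for a constructed sample address without touching the firewall.
( DRY_RUN=1; block_ip 192.0.2.10 )
```

The rule lives only in the running kernel ruleset; remove it again with `iptables -D INPUT` followed by the same match and target arguments.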