Thread: How to see list of blacklisted IPs in Apache?

  1. #1
    Join Date
    Aug 2010
    Beans
    4

    How to see list of blacklisted IPs in Apache?

    Hi all,

    I'm using Apache server's dos_evasive module to block DoS attacks. How do I see the list of blacklisted IPs? I want to delete from time to time to monitor the IPs that are blacklisted, but do not know how to. Does anyone have an idea?

    Thanks,
    Ray

  2. #2
    Join Date
    Jun 2007
    Location
    Oklahoma City, OK
    Beans
    200
    Distro
    Kubuntu 10.04 Lucid Lynx

    Re: How to see list of blacklisted IPs in Apache?

    The list is held in memory; you would have to grep for Blacklist in /var/log/messages (or wherever you set mod_evasive to log to).
    Te audire no possum. Musa sapientum fixa est in aure.

  3. #3
    Join Date
    Aug 2010
    Beans
    4

    Re: How to see list of blacklisted IPs in Apache?

    Thanks for your response. My logs are in /var/log/apache2/mod_evasive, but when I check they are empty. What is the command line for the grep, please? I used grep 'blacklist' in the log directory; it didn't work...

  4. #4
    Join Date
    Jun 2007
    Location
    Oklahoma City, OK
    Beans
    200
    Distro
    Kubuntu 10.04 Lucid Lynx

    Re: How to see list of blacklisted IPs in Apache?

    Quote, originally posted by ray otti:
    Thanks for your response. My logs are in /var/log/apache2/mod_evasive, but when I check they are empty. What is the command line for the grep, please? I used grep 'blacklist' in the log directory; it didn't work...

    Try grep -i 'blacklist' /var/log/apache2/mod_evasive

    IIRC you can also configure mod_evasive to email you when it blacklists someone.

  5. #5
    Join Date
    Aug 2010
    Beans
    4

    Re: How to see list of blacklisted IPs in Apache?

    Tried grep -i 'blacklist' /var/log/apache2/mod_evasive but it just returned the prompt, like it was just a save or create directory command. I entered the /var/log/apache2/mod_evasive directory and typed in grep -i 'blacklist'; it just behaves as before: goes on like it's opening a gedit but never opens anything......

  6. #6
    Join Date
    Jun 2007
    Location
    Oklahoma City, OK
    Beans
    200
    Distro
    Kubuntu 10.04 Lucid Lynx

    Re: How to see list of blacklisted IPs in Apache?

    That is a directory?

    What's in the directory?

  7. #7
    Join Date
    Aug 2010
    Beans
    4

    Re: How to see list of blacklisted IPs in Apache?

    You know, when I do cd /var;
    cd log and so on.... then I get into the var/log/apache2/mod_evasive, but normally like I said I use grep -i 'blacklist' and it just behaves like it's a mkdir command.
    I'm running bonesi on one client and attacking the server just to test the resilience of mod_evasive, but I can't see the list of blacklisted IPs. I want to know if mod_evasive is actually sending 403s and eventually blocking these IPs, but I don't know how to find out. I looked into /var/log/messages and found that it says: possible SYN flooding on port 80. Sending cookies.... I don't understand why it is sending cookies if there's a possible SYN flooding, but my main interest is the blacklisting. I really want to find where the list is.
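
Added example, not part of any post in this thread: a shell sketch that lists the addresses mod_evasive has blocked, from the two places discussed above. It assumes the module's usual behaviour of leaving one `dos-<IP>` file per blocked client in the DOSLogDir directory and writing a "Blacklisting address" line to syslog; the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Assumptions: DOSLogDir (/var/log/apache2/mod_evasive in the
# thread) holds one "dos-<IP>" file per blocked client, and syslog carries
# "Blacklisting address <IP>: possible DoS attack." lines.
# Note: grep with a pattern but no file argument waits on standard input,
# and plain grep on a directory prints no matches without -r.

# Blocked addresses taken from the file names in the DOSLogDir directory ($1).
evasive_ips_from_dir() {
    dir=$1
    [ -d "$dir" ] || return 0
    for f in "$dir"/dos-*; do
        [ -f "$f" ] || continue          # also skips the unexpanded glob
        printf '%s\n' "${f##*/dos-}"     # strip path and the "dos-" prefix
    done | LC_ALL=C sort -u
}

# Blocked addresses taken from syslog-style files ($@); unreadable files are skipped.
evasive_ips_from_syslog() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Capture everything up to ": possible DoS attack" so IPv6 also works.
        sed -n 's/.*Blacklisting address \(.*\): possible DoS attack.*/\1/p' "$f"
    done | LC_ALL=C sort -u
}

# Both sources merged: one "<IP> <source>" line per address and source.
evasive_blacklist() {
    dir=$1
    shift
    {
        evasive_ips_from_dir "$dir" | sed 's/$/ lockfile/'
        evasive_ips_from_syslog "$@" | sed 's/$/ syslog/'
    } | LC_ALL=C sort -u
}

# Usage: sh evasive-list.sh /var/log/apache2/mod_evasive /var/log/messages
if [ "$#" -gt 0 ]; then
    evasive_blacklist "$@"
fi
```

An address that appears only under `syslog` was logged as blacklisted at some point but has no lock file in the directory now.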
