I was browsing /var/log/httpd/access_log and was freaked out to see a bunch of entries like this:
77.92.85.162 - - [31/Jan/2011:13:32:34 -0600] "POST http://83.170.84.12:6667/ HTTP/1.0" 200 1511 "-" "-"
77.92.85.162 - - [31/Jan/2011:13:32:37 -0600] "CONNECT 83.170.84.12:6667 HTTP/1.0" 405 314 "-" "-"
Someone’s trying to access an IRC server from my server? Huh? I should probably block that.
iptables -A INPUT -s 77.92.85.162 -j DROP
service iptables save
Now when I run
iptables -L
I see the new entry for the culprit:
DROP all -- rimmer.antycip.co.uk anywhere
A bit of googlefu turns up that it’s a well-known “Problem IP.”
FYI – XS 0.6 keeps its iptables rules in this file:
/etc/sysconfig/olpc-scripts/iptables-xs
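To find every client making this kind of request, rather than spotting them by eye, here is an added example (not part of the original post) that scans access_log text for CONNECT requests and for request lines carrying a full URL that points at some other host. The function names, the local hostname schoolserver.example and the 192.0.2.x clients are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Apache combined log format, modelled on the entries above.
SAMPLE_LOG = '''\
77.92.85.162 - - [31/Jan/2011:13:32:34 -0600] "POST http://83.170.84.12:6667/ HTTP/1.0" 200 1511 "-" "-"
77.92.85.162 - - [31/Jan/2011:13:32:37 -0600] "CONNECT 83.170.84.12:6667 HTTP/1.0" 405 314 "-" "-"
192.0.2.10 - - [31/Jan/2011:13:40:02 -0600] "GET /index.html HTTP/1.1" 200 1511 "-" "Mozilla/5.0"
192.0.2.11 - - [31/Jan/2011:13:41:15 -0600] "GET http://schoolserver.example/ HTTP/1.1" 200 1511 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def proxy_attempts(log_text, local_hosts):
    """Return {client_ip: [(method, target, status), ...]} for proxy-style requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        method, target = m["method"], m["target"]
        if method == "CONNECT":
            suspicious = True  # tunnel request; a plain web server never needs these
        elif "://" in target:
            # Absolute-URI request line: only normal when it names this server.
            host = (urlsplit(target).hostname or "").lower()
            suspicious = host not in local_hosts
        else:
            suspicious = False
        if suspicious:
            hits[m["ip"]].append((method, target, int(m["status"])))
    return dict(hits)

def needs_proxy_review(hits):
    """Clients whose proxy-style request got a 2xx: confirm the server did not forward it."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for _, _, status in reqs))

if __name__ == "__main__":
    found = proxy_attempts(SAMPLE_LOG, {"schoolserver.example"})
    for ip, reqs in found.items():
        for method, target, status in reqs:
            print(f"{ip}  {method} {target} -> {status}")
    print("2xx on a proxy-style request from:", needs_proxy_review(found))
```

A 2xx answer to one of these requests, like the 200 on the POST above, is worth checking against the server's proxy configuration (in Apache, mod_proxy's ProxyRequests directive) to confirm the request was answered locally and not forwarded.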