Chandran Manikandan wrote:
Hi Lester, Yes i am blocking via iptables those ip's . Is there any permanent solution there.
You are missing the point ... these guys will be moving around weekly so what worked last week will be different next week. It's just an irritation we live with rather than something there will ever be a permanent solution for :(
Best we can do is just irritate them back by feeding useless material so they get fed up trying.
Chandran Manikandan wrote:
Dear All,
I had running logwatch and below message is showing. Is this for someone
hacking
the server. How to fix this issue. Could anyone help me this issue.
Chandran
What do you think needs fixing?
We all get hackers trying to find out what software we are running and I
regularly see reams of entries trying every combination of MySQL possible
web software URL's ... which makes me chuckle since I never run it on
production machines. In the past I used to spend time blocking persistent
hackers using the same IP address a lot, but nowadays I've resorted to
simply forwarding a few key URL's back to Google. Anything with mysql in the
URL returns a google lookup of the IP address for instance :) But I've even
got that switched off at the moment and am not seeing much 'suspect' traffic.
-- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|