> > Every few days I see in the logwatch on my Centos-5.5 web-server what seems > like a rather feeble break-in attempt. > Eg today I see > --------------------------- > 403 Forbidden > /phpMyAdmin/scripts/setup.php: 2 Time(s) > /phpmyadmin/scripts/setup.php: 2 Time(s) > 404 Not Found > /PMA2005/scripts/setup.php: 1 Time(s) > /TRAD_files/datestamp.js: 1 Time(s) ... > --------------------------- > followed by dozens of similar lines. > > As far as I can see, the IP of the person making the attempt (if there was > an attempt) is not given. > > I'm not at all sure what if anything I should do about this. > Logwatch is just an automated tool that runs a few checks on your log files. The source IP is in your apache log files. If you are concerned, you should check your log files to check for that IP and then run a check on whether that IP appears elsewhere in any of your logfiles. The likelihood is that someone ran a vulnerability scanner against all your available services, logwatch found evidence of that vulnerability scan, and you should check whether any other vulnerabilities were scanned for and perhaps found... To do that you should manually check your log files or use a better tool. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos