Timothy Murphy wrote: > Every few days I see in the logwatch on my Centos-5.5 web-server > what seems like a rather feeble break-in attempt. > Eg today I see > --------------------------- > 403 Forbidden > /phpMyAdmin/scripts/setup.php: 2 Time(s) > /phpmyadmin/scripts/setup.php: 2 Time(s) > 404 Not Found > /PMA2005/scripts/setup.php: 1 Time(s) > /TRAD_files/datestamp.js: 1 Time(s) > ... > --------------------------- > followed by dozens of similar lines. > > As far as I can see, the IP of the person making the attempt > (if there was an attempt) is not given. > > I'm not at all sure what if anything I should do about this. > > In fact, I'm not clear how one should deal with logwatch entries > in general. > Is there any document giving advice on this? We run fail2ban. It blocks a given IP for so long after so many (3? 5?) failed attempts to break in. It also does a whois on the IP, which is a little more info. mark, wondering if the Chinese Railway is trying again today _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos