Re: Interpreting logwatch




Timothy Murphy wrote:
> Every few days I see in the logwatch on my Centos-5.5 web-server
> what seems like a rather feeble break-in attempt.
> Eg today I see
> ---------------------------
>     403 Forbidden
>        /phpMyAdmin/scripts/setup.php: 2 Time(s)
>        /phpmyadmin/scripts/setup.php: 2 Time(s)
>     404 Not Found
>        /PMA2005/scripts/setup.php: 1 Time(s)
>        /TRAD_files/datestamp.js: 1 Time(s)
> ...
> ---------------------------
> followed by dozens of similar lines.
>
> As far as I can see, the IP of the person making the attempt
> (if there was an attempt) is not given.
>
> I'm not at all sure what if anything I should do about this.
>
> In fact, I'm not clear how one should deal with logwatch entries
> in general.
> Is there any document giving advice on this?

We run fail2ban. It blocks a given IP for so long after so many (3? 5?)
failed attempts to break in. It also does a whois on the IP, which is a
little more info.

          mark, wondering if the Chinese Railway is trying again today

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
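
The logwatch summary quoted above drops the client address, but the web server's access log still has it. The following is an added example, not part of either post and not fail2ban's own code: it reads access-log lines, groups 403/404 responses by source IP, and flags any IP that reaches a retry threshold inside a time window, which is the idea behind the blocking described in the reply. It assumes Apache "combined" log format; the sample lines are constructed, and `max_retry` and `find_time` are illustrative names and values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2010:03:14:01 +0100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 403 295 "-" "-"
203.0.113.7 - - [12/Oct/2010:03:14:02 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 295 "-" "-"
203.0.113.7 - - [12/Oct/2010:03:14:03 +0100] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 290 "-" "-"
198.51.100.20 - - [12/Oct/2010:09:30:00 +0100] "GET /TRAD_files/datestamp.js HTTP/1.1" 404 288 "http://example.org/" "Mozilla/5.0"
198.51.100.20 - - [12/Oct/2010:09:30:05 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# client IP, [timestamp], "METHOD path ...", status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (ip, timestamp, path, status) for each line that parses."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines with a malformed request field are skipped
            ip, ts, path, status = m.groups()
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: [paths]} for IPs with >= max_retry 403/404 hits within find_time."""
    hits = defaultdict(list)
    for ip, ts, path, status in parse(log_text):
        if status in (403, 404):
            hits[ip].append((ts, path))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        # Slide a window of max_retry consecutive events over the sorted list.
        for i in range(len(events) - max_retry + 1):
            if events[i + max_retry - 1][0] - events[i][0] <= find_time:
                flagged[ip] = [p for _, p in events]
                break
    return flagged

if __name__ == "__main__":
    for ip, paths in offenders(SAMPLE_LOG).items():
        print(ip, len(paths), "denied/missing requests:", ", ".join(paths))
```

With the sample data only the address that requested three setup.php variants in quick succession is flagged; the visitor with a single 404 is not.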

