Re: Interpreting logwatch




From: Timothy Murphy <gayleard@xxxxxxxxxx>

> Every few days I see in the logwatch on my Centos-5.5 web-server
> what seems like a rather feeble break-in attempt.
> E.g. today I see

I get proxy scans and phpMyAdmin (and others) vulnerability scans every day...
They just get 404s in return...
You can check the IPs in the Apache error_log.
In the beginning I was reporting them to their ISPs but, with the high number 
of daily scans, I just gave up...
Either they are part of a botnet (so clueless users' infected PCs), or they are 
abroad (Asia) and the ISP will mostly just ignore your email...
Maybe just make sure you set Apache ServerSignature to Off...
One annoying "bug" about logwatch is that it does not cope with the lack of year 
in yum.log dates, so it will happily report package installs from last year as 
if they just happened...

JD


      
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
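
The yum.log year problem described in the reply above can be worked around by inferring the year from entry order. The following is an added example, not part of the original post and not logwatch's own code; the function names and the sample lines are constructed for illustration, and it assumes entries are in write order with no gap longer than a year.

```python
from datetime import date

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Constructed sample in yum.log layout: "Mon DD HH:MM:SS Action: package"
SAMPLE = """\
Nov 03 09:14:02 Installed: example-tool-1.0-1.el5.noarch
Dec 20 18:40:11 Updated: example-lib-2.3-4.el5.x86_64
Jan 07 07:55:30 Updated: example-lib-2.3-5.el5.x86_64
Mar 02 11:20:45 Installed: example-httpd-mod-0.9-2.el5.x86_64
"""

def parse(line):
    """Return (month, day, 'HH:MM:SS', rest), or None if the line does not fit."""
    parts = line.split(None, 3)
    if len(parts) < 4 or parts[0] not in MONTHS or not parts[1].isdigit():
        return None
    return MONTHS[parts[0]], int(parts[1]), parts[2], parts[3].strip()

def assign_years(text, last_written):
    """Attach a year to every entry, given the date the file was last written.

    Walk from the newest entry backwards: whenever the yearless stamp of an
    older entry sorts after the newer one, a year boundary was crossed.
    """
    rows = [r for r in map(parse, text.splitlines()) if r]
    year, newer, out = last_written.year, None, []
    for month, day, clock, rest in reversed(rows):
        key = (month, day, clock)
        if newer is None:
            # Newest entry cannot be later than the file's last write.
            if (month, day) > (last_written.month, last_written.day):
                year -= 1
        elif key > newer:
            year -= 1
        newer = key
        out.append((year, month, day, clock, rest))
    return out[::-1]

def entries_on(text, day, last_written):
    """Package actions that really happened on `day` (a datetime.date)."""
    return [rest for y, m, d, _, rest in assign_years(text, last_written)
            if (y, m, d) == (day.year, day.month, day.day)]
```

Passing the log file's modification date as `last_written` keeps a year-old "Nov 03" line from matching today's date on the following 3 November.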

