Re: Interpreting logwatch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On
> Behalf Of Bill Campbell
> Sent: Wednesday, September 08, 2010 12:17 PM
> To: centos@xxxxxxxxxx
> Subject: Re:  Interpreting logwatch

> While fail2ban and swatch are good tools, apache mod_security is
> probably better for dealing with this type of thing as it is
> designed to minimize attacks on web services.
> 
> I think it's a mistake to discount any attacks involving php as
> the vast majority of the systems I have had to clean up after
> cracks have been compromised through php vulnerabilities, usually
> in conjunction with weak user level passwords.
> 
> IHMO, admin tools like phpMyAdmin, webmin, and usermin should be
> carefully restricted, preferably only accessible via a private
> LAN, not from the public internet.  

This lurker is running a family pictures website, and got tired of that
nonsense, so I have a bunch of entries like these in my .htaccess file:

Redirect permanent /phpMyAdmin/ http://127.0.0.1/
Redirect permanent /PMA2005/ http://127.0.0.1/
...

The Perishable Press blog has other .htaccess methods to deal with such
things.

I also block access from all Amazon EC2 IPs, that reduced the amount of port
and application scans by about half.

Al
--
I yam Popeye of the Borg. Prepares ta beez askimiligrated.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux