Re: Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

John R Pierce wrote:
> On 08/31/11 7:22 AM, Always Learning wrote:
>> In the current 4,000 to 6,000 daily hits, the lunatic uses
>>
>> 	login.php
>> 	contact.php
>> 	forgotten_password.php
>
> your 'lunatic' aka 'hacker' is undoubtably a blind script ('bot')
> running on distributed previously hacked hosts, and probing a long long
> list of targets of which your hosts only a tiny part of.   4000 hits a
> day to 404 pages is background noise.
>
Maybe not, for a small website. However, let me re-suggest fail2ban, with
three lines from one of our config files:
failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/c 
      onfig\.inc|main)\.php.*".*404.*
         ^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*
         ^<HOST> -.*"GET /w00tw00t\.at

        mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux