Re: Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables




On 8/31/2011 11:22 AM, Always Learning wrote:
> On Wed, 2011-08-31 at 11:16 -0400, m.roth@xxxxxxxxx wrote:
>
>> Maybe not, for a small website. However, let me re-suggest fail2ban, with
>> three lines from one of our config files:
>> failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*
>>          ^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*
>>          ^<HOST> -.*"GET /w00tw00t\.at
> Mark,
>
> Looking at your example seems to suggest Fail2Ban is an 'after the
> event' response. I would like to implement 'before the event' filtering
> which prevents, even on the first detected hacking attempt, anything
> reaching HTTPD.

I assume this is an Apache server.  Have you looked at mod_security
(http://www.modsecurity.org/)?  It is available from the epel
repository.  There is a bit of a learning curve to get it running, but
it protects against a ton of hacking attempts.

-- 
Bowie
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
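
The three fail2ban patterns quoted in this message, run over constructed Apache access-log lines to show which requests they flag. This is an added example, not part of the original thread. The `HOST` group is a simplified IPv4-only stand-in for fail2ban's own `<HOST>` expansion, the patterns are applied with `re.search` to the whole line, and every log line is constructed.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The failregex lines from the thread, with the wrapped first line rejoined.
FAILREGEX = [
    r'<HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*',
    r'^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*',
    r'^<HOST> -.*"GET /w00tw00t\.at',
]
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Constructed access-log lines using documentation address ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Aug/2011:11:02:10 -0400] "GET /phpmyadmin/index.php HTTP/1.1" 404 289 "-" "-"',
    '203.0.113.7 - - [31/Aug/2011:11:02:11 -0400] "GET /pma/main.php HTTP/1.1" 404 281 "-" "-"',
    '198.51.100.23 - - [31/Aug/2011:11:05:44 -0400] "GET /w00tw00t.at.test HTTP/1.1" 400 226 "-" "-"',
    '192.0.2.50 - - [31/Aug/2011:11:07:01 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.51 - - [31/Aug/2011:11:08:30 -0400] "GET /admin/main.php HTTP/1.1" 200 812 "-" "-"',
    # Status 200, but the response size contains "404": the unanchored
    # ".*404.*" in the first pattern still matches (false positive).
    '192.0.2.52 - - [31/Aug/2011:11:09:12 -0400] "GET /admin/main.php HTTP/1.1" 200 1404 "-" "-"',
]


def flagged_hosts(lines):
    """Return {host: [index of the first matching pattern per line]}."""
    hits = {}
    for line in lines:
        for idx, pattern in enumerate(PATTERNS):
            match = pattern.search(line)
            if match:
                hits.setdefault(match.group("host"), []).append(idx)
                break  # count each log line once
    return hits


if __name__ == "__main__":
    for host, matched in flagged_hosts(SAMPLE_LOG).items():
        print(host, "matched patterns", matched)
```

Two of the patterns key on the 404 status, so a line only matches after httpd has already answered the request, and the last sample line shows that `.*404.*` also matches a response size containing 404.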

