[CentOS] Interpreting logwatch
mac358 at newsguy.com
Wed Sep 8 19:32:20 EDT 2010
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Bill Campbell
> Sent: Wednesday, September 08, 2010 12:17 PM
> To: centos at centos.org
> Subject: Re: [CentOS] Interpreting logwatch
> While fail2ban and swatch are good tools, apache mod_security is
> probably better for dealing with this type of thing as it is
> designed to minimize attacks on web services.
> I think it's a mistake to discount any attacks involving php as
> the vast majority of the systems I have had to clean up after
> cracks have been compromised through php vulnerabilities, usually
> in conjunction with weak user level passwords.
> IHMO, admin tools like phpMyAdmin, webmin, and usermin should be
> carefully restricted, preferably only accessible via a private
> LAN, not from the public internet.
This lurker is running a family pictures website, and got tired of that
nonsense, so I have a bunch of entries like these in my .htaccess file:
Redirect permanent /phpMyAdmin/ http://127.0.0.1/
Redirect permanent /PMA2005/ http://127.0.0.1/
The Perishable Press blog has other .htaccess methods to deal with such
I also block access from all Amazon EC2 IPs, that reduced the amount of port
and application scans by about half.
I yam Popeye of the Borg. Prepares ta beez askimiligrated.
More information about the CentOS