[CentOS] Apache attacks - you can't stop them, or can you?

Wed Mar 6 17:31:49 UTC 2013
Tilman Schmidt <t.schmidt at phoenixsoftware.de>

Am 06.03.2013 14:17, schrieb Robert Moskowitz:
> So I have this nice, simple web server up running. [...] 
> the attacks are coming in per logwatch report.  Examples from the report 
> include:
> 
>   Requests with error response codes
>      404 Not Found
>         //phpMyAdmin-2.5.1/scripts/setup.php: 1 Time(s)
>         //phpMyAdmin-2.5.4/scripts/setup.php: 1 Time(s)
>         //phpMyAdmin-2.5.5-pl1/scripts/setup.php: 1 Time(s)
>         //phpMyAdmin-2.5.5-rc1/scripts/setup.php: 1 Time(s)
>         //phpMyAdmin-2.5.5-rc2/scripts/setup.php: 1 Time(s)
>         /muieblackcat: 1 Time(s)
>         /myadmin/scripts/setup.php: 2 Time(s)
>         /mysql-admin/scripts/setup.php: 1 Time(s)
>         /mysql/scripts/setup.php: 1 Time(s)
>         /mysqladmin/scripts/setup.php: 2 Time(s)
>         /mysqlmanager/scripts/setup.php: 1 Time(s)

That's the normal background noise of the Internet.
Scans for known security holes. Hardly worth a bother.
If it bothers you, set up fail2ban as Lorenzo proposed.
Apart from that, take it as a reminder to keep up to date
with the software you use to close known security holes
as quickly as possible.

> My question is:
> 
> Is there a way to shut this nonsense down?  Or because I am sending the 
> 404, I am doing all that is reasonable to do?
> 
> I am wondering that if this list starts getting long, that is a lot of 
> logging and I probably don't need to log 404s?

I wouldn't disable 404 logging. Even on my hardest-hit
webservers the volume is not so big that it gets anywhere
near causing an actual problem. And it's nice to be kept up
to date about the latest exploits in your daily logwatch
mail so if the hits are getting closer you can take evasive
action. :-)

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130306/596cfd04/attachment-0005.sig>