[CentOS] Apache attacks - you can't stop them, or can you?
Eero Volotinen
eero.volotinen at iki.fi
Wed Mar 6 17:47:50 UTC 2013
2013/3/6 Johnny Hughes <johnny at centos.org>:
> On 03/06/2013 07:17 AM, Robert Moskowitz wrote:
>> So I have this nice, simple web server up running. Its purpose is to
>> allow me external testing with HIP, and to provide some files for
>> external distribution. Of course, there it is sitting on port 80 and
>> the attacks are coming in per logwatch report. Examples from the report
>> include:
>>
>> Requests with error response codes
>> 404 Not Found
>> //phpMyAdmin-2.5.1/scripts/setup.php: 1 Time(s)
>> //phpMyAdmin-2.5.4/scripts/setup.php: 1 Time(s)
>> //phpMyAdmin-2.5.5-pl1/scripts/setup.php: 1 Time(s)
>> //phpMyAdmin-2.5.5-rc1/scripts/setup.php: 1 Time(s)
>> //phpMyAdmin-2.5.5-rc2/scripts/setup.php: 1 Time(s)
>> /muieblackcat: 1 Time(s)
>> /myadmin/scripts/setup.php: 2 Time(s)
>> /mysql-admin/scripts/setup.php: 1 Time(s)
>> /mysql/scripts/setup.php: 1 Time(s)
>> /mysqladmin/scripts/setup.php: 2 Time(s)
>> /mysqlmanager/scripts/setup.php: 1 Time(s)
>>
>> Now these are only a few, though I am probably not being hit as hard as
>> others out there.
>>
>> My question is:
>>
>> Is there a way to shut this nonsense down? Or because I am sending the
>> 404, I am doing all that is reasonable to do?
>>
>> I am wondering that if this list starts getting long, that is a lot of
>> logging and I probably don't need to log 404s?
>
> There is also mod_security ...
>
> http://people.centos.org/hughesjr/mod_security/
>
> You can read about what it is here:

OSSEC also blocks this kind of web scanner with active response enabled.
--
Eero
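
The detection idea behind the tools named in this thread (count repeated 404s from one client inside a short window, then hand the address to a blocker), as an added example that is not part of the original posts and is not OSSEC's or mod_security's own code. The threshold, window, function names and sample log lines are assumptions constructed for illustration; the probe paths are taken from the logwatch report quoted above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: client, timestamp, request line, status.
# The request line may contain backslash-escaped quotes, so allow \" inside it.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:[^"\\]|\\.)*" (?P<status>\d{3}) '
)

def find_scanners(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: time of the 404 that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent 404s
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("status") != "404":
            continue              # unparsable lines and non-404s are ignored
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:   # drop 404s that fell out of the window
            hits.popleft()
        if len(hits) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

# Constructed sample log (documentation-range addresses, not real traffic).
def _line(ip, hhmmss, path, status):
    return f'{ip} - - [06/Mar/2013:{hhmmss} +0000] "GET {path} HTTP/1.1" {status} 290'

PROBES = ["//phpMyAdmin-2.5.1/scripts/setup.php", "/muieblackcat",
          "/myadmin/scripts/setup.php", "/mysql/scripts/setup.php",
          "/mysqladmin/scripts/setup.php"]
SAMPLE_LOG = (
    [_line("203.0.113.7", f"12:00:0{i}", p, 404) for i, p in enumerate(PROBES)]
    + [_line("198.51.100.20", "12:00:03", "/index.html", 200),
       _line("198.51.100.20", "12:00:04", "/favicon.ico", 404)]  # one stray 404
    + [_line("192.0.2.44", f"12:{10 * i + 5:02d}:00", "/old-page.html", 404)
       for i in range(5)]                  # five 404s, but ten minutes apart
)

if __name__ == "__main__":
    for ip, ts in find_scanners(SAMPLE_LOG).items():
        print(f"{ip} crossed the 404 threshold at {ts.isoformat()}")
```

Only the burst from 203.0.113.7 is reported; the single missing favicon and the slow trickle of dead links stay under the threshold, which is the false-positive case a 404-based block has to tolerate.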