On Mon, 2011-08-29 at 15:52 -0500, Les Mikesell wrote:
That means he's not very good at it yet. The ones you need to worry about will send quick exploit tests cycling through different destinations, that if they succeed will post to a central receiver. Then later, likely from a different location, it will send the one that attempts to escalate access to root and/or establish a connection back for central control. The point here being that an IP block probably won't help much against an exploit that works well enough to establish a distributed base.
Thank you for this.
If I can establish an effective block for wrong HTTP requests in IPtables for incoming port 80 traffic, back-upped by my Apache routine adding IPs to IPtables or .htacesss file and having screwed down access and egress for all other traffic, the only other enhancement I need is SELinux ?
Paul.