Timothy Murphy wrote:
Every few days I see in the logwatch on my CentOS-5.5 web-server what seems like a rather feeble break-in attempt. E.g. today I see
403 Forbidden
   /phpMyAdmin/scripts/setup.php: 2 Time(s)
   /phpmyadmin/scripts/setup.php: 2 Time(s)
404 Not Found
   /PMA2005/scripts/setup.php: 1 Time(s)
   /TRAD_files/datestamp.js: 1 Time(s)
...
followed by dozens of similar lines.
As far as I can see, the IP of the person making the attempt (if there was an attempt) is not given.
I'm not at all sure what if anything I should do about this.
In fact, I'm not clear how one should deal with logwatch entries in general. Is there any document giving advice on this?
We run fail2ban. It blocks a given IP for so long after so many (3? 5?) failed attempts to break in. It also does a whois on the IP, which is a little more info.
mark, wondering if the Chinese Railway is trying again today
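An added example, not part of either post: logwatch only summarises paths and counts, but the client address for each request is the first field of the Apache access log. The sketch below groups rejected (403/404) requests by source IP and flags addresses over a retry threshold, the same idea as the fail2ban behaviour described in the reply. It assumes Apache common/combined log format; the log lines are constructed samples using documentation address ranges, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Apache common/combined format: host ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (not real traffic); the last one is deliberately malformed.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2011:04:11:02 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 403 298 "-" "-"
203.0.113.7 - - [12/Mar/2011:04:11:03 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 298 "-" "-"
203.0.113.7 - - [12/Mar/2011:04:11:04 +0000] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 291 "-" "-"
198.51.100.23 - - [12/Mar/2011:09:30:15 +0000] "GET /TRAD_files/datestamp.js HTTP/1.1" 404 289 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2011:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2011:10:05:00 +0000] "-" 408 - "-" "-"
"""

def probes_by_ip(lines, statuses=("403", "404")):
    """Map client IP -> list of (status, path) for rejected requests.

    Lines that do not parse as a normal request (e.g. an empty request
    line logged as "-") are skipped rather than raising.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group("status") in statuses:
            hits[m.group("ip")].append((m.group("status"), m.group("path")))
    return dict(hits)

def over_threshold(hits, maxretry=3):
    """IPs with at least `maxretry` rejected requests (candidates for a block)."""
    return sorted(ip for ip, reqs in hits.items() if len(reqs) >= maxretry)

if __name__ == "__main__":
    hits = probes_by_ip(SAMPLE_LOG.splitlines())
    for ip, reqs in sorted(hits.items()):
        print(ip, len(reqs), sorted({path for _, path in reqs}))
    print("over threshold:", over_threshold(hits))
```

A single 404 for something like a missing .js file is usually just a stale link, which is why the threshold counts repeated rejections per address rather than acting on every entry.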