-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Bill Campbell
Sent: Wednesday, September 08, 2010 12:17 PM
To: centos@centos.org
Subject: Re: [CentOS] Interpreting logwatch
While fail2ban and swatch are good tools, apache mod_security is probably better for dealing with this type of thing as it is designed to minimize attacks on web services.
I think it's a mistake to discount any attacks involving php as the vast majority of the systems I have had to clean up after cracks have been compromised through php vulnerabilities, usually in conjunction with weak user level passwords.
IMHO, admin tools like phpMyAdmin, webmin, and usermin should be carefully restricted, preferably only accessible via a private LAN, not from the public internet.
This lurker is running a family pictures website, and got tired of that nonsense, so I have a bunch of entries like these in my .htaccess file:
Redirect permanent /phpMyAdmin/ http://127.0.0.1/
Redirect permanent /PMA2005/ http://127.0.0.1/
...
The Perishable Press blog has other .htaccess methods to deal with such things.
I also block access from all Amazon EC2 IPs; that reduced the amount of port and application scans by about half.
Al
--
I yam Popeye of the Borg. Prepares ta beez askimiligrated.
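
An added example, not part of the original message: a small log check that counts requests for the two admin-tool paths named in the Redirect lines above and flags any that were answered with a 2xx instead of being redirected. The log lines, IP addresses and the function name summarize_probes are constructed for illustration; the Apache combined log format is assumed.

```python
import re
from collections import Counter

# Path prefixes taken from the Redirect lines in the message above.
PROBE_PREFIXES = ("/phpMyAdmin/", "/PMA2005/")

# Apache common/combined format: host ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Sep/2010:12:01:02 -0400] "GET /phpMyAdmin/main.php HTTP/1.0" 301 233 "-" "-"
203.0.113.7 - - [08/Sep/2010:12:01:03 -0400] "GET /PMA2005/main.php HTTP/1.0" 301 229 "-" "-"
198.51.100.20 - - [08/Sep/2010:12:05:40 -0400] "GET /phpmyadmin/main.php HTTP/1.0" 404 290 "-" "-"
198.51.100.20 - - [08/Sep/2010:12:05:41 -0400] "GET /phpMyAdmin/index.php HTTP/1.1" 200 8123 "-" "-"
192.0.2.55 - - [08/Sep/2010:12:09:00 -0400] "GET /pictures/2010/beach.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
"""

def summarize_probes(log_text, prefixes=PROBE_PREFIXES):
    """Return (hits per client IP, requests for a probed path answered 2xx)."""
    lowered = tuple(p.lower() for p in prefixes)
    per_ip = Counter()
    served = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-request lines
        # Compare case-insensitively: scanners try many spellings, while
        # the Redirect directive matches its URL-path case-sensitively.
        if not m["path"].lower().startswith(lowered):
            continue
        per_ip[m["ip"]] += 1
        if m["status"].startswith("2"):
            # A 2xx here means the path was served, not redirected.
            served.append((m["ip"], m["path"], int(m["status"])))
    return per_ip, served

if __name__ == "__main__":
    per_ip, served = summarize_probes(SAMPLE_LOG)
    for ip, hits in per_ip.most_common():
        print(f"{ip}: {hits} admin-path requests")
    for ip, path, status in served:
        print(f"SERVED {status}: {path} to {ip}")
```
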