My 2 cents: OSSEC is quite good at actively blocking attackers in situations like this.

2011/5/8 Jason Pyeron <jpyeron@pdinc.us>

> -----Original Message-----
> From: centos-bounces@centos.org
> [mailto:centos-bounces@centos.org] On Behalf Of Jason
> Sent: Sunday, May 08, 2011 15:02
> To: CentOS mailing list
> Subject: Re: [CentOS] Am I being to paranoid?
>
> Hi Russ,
>
> > > 3. Is there a better way to write these rules?
> >
> > I wrote about my approach some time ago ...
> >
> >
> > http://orcorc.blogspot.com/2010/06/reading-logs-part-3-run-your-updates.html
> >
> > Send them safely off your box, and back home
>
> I read your article and it seems we are doing the same thing?
> Is there a benefit I don't understand to use your approach
> versus the one I am using already?
>

The point you missed was that he packaged the conf file as an RPM and then added
it to his local yum repo, so all his machines would get it during the update
cycle.

> Is it true that you can do (.*) to handle easier matching?
>
> Say phpmyadmin, phpadmin, php-myadmin
>
> Could I do something like: RewriteCond %{REQUEST_URI}
> ^/php(.*) [NC,OR] and that would handle all of them?
>
> -Jason
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>




--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


