Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

John R Pierce wrote:

On 08/31/11 7:22 AM, Always Learning wrote:

...

In the current 4,000 to 6,000 daily hits, the lunatic uses

login.php contact.php forgotten_password.php

your 'lunatic' aka 'hacker' is undoubtably a blind script ('bot') running on distributed previously hacked hosts, and probing a long long list of targets of which your hosts only a tiny part of. 4000 hits a day to 404 pages is background noise.

Maybe not, for a small website. However, let me re-suggest fail2ban, with three lines from one of our config files: failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/c onfig.inc|main).php.*".*404.* ^<HOST> -.*"GET .*(phpmyadmin).*.php.*".*404.* ^<HOST> -.*"GET /w00tw00t.at

mark