[CentOS] attack

Thu Dec 24 16:55:12 UTC 2009
Fernando Hallberg <fernando at flexdigital.com.br>

Hi,

I'm have a repo with many security tools.. if you can test... i'm upload a few packages from fedora, other sources, and created by me..

http://flexbox.sourceforge.net/centos/5/i386/flexbox-release-1-1.noarch.rpm

Try to install sectool, and verify your system..

You can try to use fail2ban for list maillog, and blacklists ips...

I'm using fail2ban+shorewall+ipset

Fernando.

On Thu, 24 Dec 2009 14:48:30 +0000
"Manu Verhaegen" <maverh at telenet.be> wrote:

> Hi,
> 
> i ame checking this
> 
> thanks,
>   Manu
> 
> 
> -----Oorspronkelijk bericht-----
> Van: centos-bounces at centos.org [mailto:centos-bounces at centos.org] Namens Kai Schaetzl
> Verzonden: donderdag 24 december 2009 15:32
> Aan: centos at centos.org
> Onderwerp: Re: [CentOS] attack
> 
> Obviously, if you are running several vhosts and plesk you likely have 
> other logs to check. Also, one can usually see the origin of the mail 
> injection in the maillog (e.g. complaints about setting to an unsafe 
> sender) or in the outgoing messages. At runtime you can see the connects 
> with full URLs on the apache status page.
> 
> Kai
> 
> -- 
> Kai Schätzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com
> 
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos


-- 
Fernando Hallberg <fernando at flexdigital.com.br>
Flex Digital Soluções em Redes de Dados
http://www.flexdigital.com.br