[CentOS] Interpreting logwatch

Wed Sep 8 23:32:20 UTC 2010
Albert McCann <mac358 at newsguy.com>

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Bill Campbell
> Sent: Wednesday, September 08, 2010 12:17 PM
> To: centos at centos.org
> Subject: Re: [CentOS] Interpreting logwatch

> While fail2ban and swatch are good tools, apache mod_security is
> probably better for dealing with this type of thing as it is
> designed to minimize attacks on web services.
> 
> I think it's a mistake to discount any attacks involving php as
> the vast majority of the systems I have had to clean up after
> cracks have been compromised through php vulnerabilities, usually
> in conjunction with weak user level passwords.
> 
> IMHO, admin tools like phpMyAdmin, webmin, and usermin should be
> carefully restricted, preferably only accessible via a private
> LAN, not from the public internet.  

This lurker is running a family pictures website, and got tired of that
nonsense, so I have a bunch of entries like these in my .htaccess file:

Redirect permanent /phpMyAdmin/ http://127.0.0.1/
Redirect permanent /PMA2005/ http://127.0.0.1/
...

The Perishable Press blog has other .htaccess methods to deal with such
things.

I also block access from all Amazon EC2 IPs, which reduced the amount of port
and application scans by about half.

Al
--
I yam Popeye of the Borg. Prepares ta beez askimiligrated.
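
Added example, not part of the original message: a small check that reads Apache access-log lines, counts probes against the two paths redirected above, and lists any probe that was not answered with the 301 from those rules. The combined log format, the function name summarize_probes and the sample lines are assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict

# Prefixes from the post's Redirect rules; extend with what your own logs show.
PROBE_PREFIXES = ("/phpMyAdmin/", "/PMA2005/")

# Apache common/combined log format: host ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Sep/2010:12:00:01 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 301 233 "-" "-"',
    '192.0.2.10 - - [08/Sep/2010:12:00:02 +0000] "GET /PMA2005/main.php HTTP/1.1" 301 229 "-" "-"',
    '198.51.100.7 - - [08/Sep/2010:12:03:40 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 290 "-" "-"',
    '203.0.113.5 - - [08/Sep/2010:12:05:00 +0000] "GET /pictures/2010/ HTTP/1.1" 200 5120 "-" "-"',
]

def summarize_probes(lines, prefixes=PROBE_PREFIXES):
    """Return (probe counts per client, probes that were not answered with 301)."""
    per_client = defaultdict(Counter)
    not_redirected = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed request line; skip rather than guess
        host, path, status = m.group("host"), m.group("path"), int(m.group("status"))
        # Compare case-insensitively here on purpose: mod_alias Redirect matches
        # the URL-path case-sensitively, so /phpmyadmin/ slips past a rule
        # written for /phpMyAdmin/ and shows up below with a non-301 status.
        prefix = next((p for p in prefixes
                       if path.lower().startswith(p.lower())), None)
        if prefix is None:
            continue  # ordinary traffic
        per_client[host][prefix] += 1
        if status != 301:
            not_redirected.append((host, path, status))
    return dict(per_client), not_redirected

if __name__ == "__main__":
    clients, missed = summarize_probes(SAMPLE_LOG)
    for host, counts in sorted(clients.items()):
        print(host, dict(counts))
    for host, path, status in missed:
        print("not covered by a Redirect rule:", host, path, status)
```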