> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Bill Campbell > Sent: Wednesday, September 08, 2010 12:17 PM > To: centos at centos.org > Subject: Re: [CentOS] Interpreting logwatch > While fail2ban and swatch are good tools, apache mod_security is > probably better for dealing with this type of thing as it is > designed to minimize attacks on web services. > > I think it's a mistake to discount any attacks involving php as > the vast majority of the systems I have had to clean up after > cracks have been compromised through php vulnerabilities, usually > in conjunction with weak user level passwords. > > IHMO, admin tools like phpMyAdmin, webmin, and usermin should be > carefully restricted, preferably only accessible via a private > LAN, not from the public internet. This lurker is running a family pictures website, and got tired of that nonsense, so I have a bunch of entries like these in my .htaccess file: Redirect permanent /phpMyAdmin/ http://127.0.0.1/ Redirect permanent /PMA2005/ http://127.0.0.1/ ... The Perishable Press blog has other .htaccess methods to deal with such things. I also block access from all Amazon EC2 IPs, that reduced the amount of port and application scans by about half. Al -- I yam Popeye of the Borg. Prepares ta beez askimiligrated.