[CentOS] (c 5.6) Running 2 versions of Apache ?

Mon Aug 29 19:50:17 UTC 2011
Always Learning <centos at u61.u22.net>

On Mon, 2011-08-29 at 15:31 -0400, m.roth at 5-cent.us wrote:

> Sorry, not a lunatic. Your website's name has been harvested, and added to
> some black-market commercial or script kiddie toolkit, and it's on
> infected servers around the world. Take it from me... (I'm a contractor
> for a US Federal Gov't agency*, and we get *tons*.

It would be nice if Uncle Sam went after the pests.

The attacks are not automatic. The loony is currently having difficulty
finding vulnerable IPs and concentrating his efforts on a Japanese
company with very lax security (7 IPs at the same place so far).

> Check out fail2ban. It works very nicely.

Mark,

>From http://www.fail2ban.org/wiki/index.php/Main_Page
it states: 

	Fail2ban scans log files like /var/log/pwdfail
	or /var/log/apache/error_log and bans IP that
	makes too many password failures. It updates
	firewall rules to reject the IP address.

I would like, if possible, to identify the fragments in IP tables and
instantly block the packets thus preventing them entering the remainder
of the server. Fail2ban does not do this. My current blocking
requirement is specialised.


Paul.