[CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
m.roth at 5-cent.us
m.roth at 5-cent.usWed Aug 31 15:16:01 UTC 2011
- Previous message: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
- Next message: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
John R Pierce wrote:
> On 08/31/11 7:22 AM, Always Learning wrote:
>> In the current 4,000 to 6,000 daily hits, the lunatic uses
>>
>> login.php
>> contact.php
>> forgotten_password.php
>
> your 'lunatic' aka 'hacker' is undoubtably a blind script ('bot')
> running on distributed previously hacked hosts, and probing a long long
> list of targets of which your hosts only a tiny part of. 4000 hits a
> day to 404 pages is background noise.
>
Maybe not, for a small website. However, let me re-suggest fail2ban, with
three lines from one of our config files:
failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/c
onfig\.inc|main)\.php.*".*404.*
^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*
^<HOST> -.*"GET /w00tw00t\.at
mark
- Previous message: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
- Next message: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list