[CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
Bowie Bailey
Bowie_Bailey at BUC.com
Wed Aug 31 15:29:58 UTC 2011
- Previous message: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
- Next message: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 8/31/2011 11:22 AM, Always Learning wrote:
> On Wed, 2011-08-31 at 11:16 -0400, m.roth at 5-cent.us wrote:
>
>> Maybe not, for a small website. However, let me re-suggest fail2ban, with
>> three lines from one of our config files:
>> failregex = <HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/config\.inc|main)\.php.*".*404.*
>> ^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*
>> ^<HOST> -.*"GET /w00tw00t\.at
> Mark,
>
> Looking at your example seems to suggest Fail2Ban is an 'after the
> event' response. I would like to implement 'before the event' filtering
> which prevents, even on the first detected hacking attempt, anything
> reaching HTTPD.

I assume this is an Apache server. Have you looked at mod_security (http://www.modsecurity.org/)? It is available from the epel repository. There is a bit of a learning curve to get it running, but it protects against a ton of hacking attempts.

--
Bowie
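Added example, not part of the original thread: the three quoted failregex lines run over Apache access-log lines, to show what they flag and that they depend on the status code httpd has already logged. The `<HOST>` substitution is a simplified stand-in for fail2ban's own, the log lines are constructed, and the `maxretry` value of 2 is an assumption.

```python
import re
from collections import defaultdict

# failregex lines as quoted in the message (wrapped first line rejoined).
FAILREGEX = [
    r'<HOST> -.*"GET .*(php|pma|PMA|p/m/a|db|sql|admin).*'
    r'/(config/config\.inc|main)\.php.*".*404.*',
    r'^<HOST> -.*"GET .*(phpmyadmin).*\.php.*".*404.*',
    r'^<HOST> -.*"GET /w00tw00t\.at',
]

# Assumption: simplified stand-in for fail2ban's <HOST> tag.
HOST = r'(?P<host>[\w.:-]+)'
COMPILED = [re.compile(p.replace('<HOST>', HOST)) for p in FAILREGEX]

# Constructed Apache access-log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Aug/2011:15:01:02 +0000] '
    '"GET /phpmyadmin/main.php HTTP/1.1" 404 290',
    '192.0.2.10 - - [31/Aug/2011:15:01:03 +0000] '
    '"GET /pma/config/config.inc.php HTTP/1.1" 404 296',
    '198.51.100.7 - - [31/Aug/2011:15:01:05 +0000] '
    '"GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226',
    '203.0.113.5 - - [31/Aug/2011:15:01:06 +0000] '
    '"GET /index.html HTTP/1.1" 200 1042',
    '203.0.113.5 - - [31/Aug/2011:15:01:07 +0000] '
    '"GET /admin/main.php HTTP/1.1" 200 512',
]

def scan(lines):
    """Map each flagged host to the index of the first failregex
    that matched each of its log lines."""
    hits = defaultdict(list)
    for line in lines:
        for idx, rx in enumerate(COMPILED):
            m = rx.search(line)
            if m:
                hits[m.group('host')].append(idx)
                break
    return dict(hits)

def offenders(lines, maxretry):
    """Hosts whose number of matching lines reaches maxretry."""
    return sorted(h for h, i in scan(lines).items() if len(i) >= maxretry)

if __name__ == '__main__':
    print(scan(SAMPLE_LOG))
    print(offenders(SAMPLE_LOG, 2))
```

The `/admin/main.php` request answered with 200 is not flagged: the first two patterns require the logged 404, which exists only once httpd has handled the request.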