On 03/06/2013 07:17 AM, Robert Moskowitz wrote: > So I have this nice, simple web server up running. Its purpose is to > allow me external testing with HIP, and to provide some files for > external distribution. Of course, there it is sitting on port 80 and > the attacks are coming in per logwatch report. Examples from the report > include: > > Requests with error response codes > 404 Not Found > //phpMyAdmin-2.5.1/scripts/setup.php: 1 Time(s) > //phpMyAdmin-2.5.4/scripts/setup.php: 1 Time(s) > //phpMyAdmin-2.5.5-pl1/scripts/setup.php: 1 Time(s) > //phpMyAdmin-2.5.5-rc1/scripts/setup.php: 1 Time(s) > //phpMyAdmin-2.5.5-rc2/scripts/setup.php: 1 Time(s) > /muieblackcat: 1 Time(s) > /myadmin/scripts/setup.php: 2 Time(s) > /mysql-admin/scripts/setup.php: 1 Time(s) > /mysql/scripts/setup.php: 1 Time(s) > /mysqladmin/scripts/setup.php: 2 Time(s) > /mysqlmanager/scripts/setup.php: 1 Time(s) > > Now these are only a few, though I am probably not being hit as hard as > others out there. > > My question is: > > Is there a way to shut this nonsense down? Or because I am sending the > 404, I am doing all that is reasonable to do? > > I am wondering that if this list starts getting long, that is a lot of > logging and I probably don't need to log 404s? There is also mod_security ... http://people.centos.org/hughesjr/mod_security/ You can read about what it is here: http://www.modsecurity.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20130306/850c14a0/attachment-0005.sig>