[CentOS] Apache attacks - you can't stop them, or can you?

Wed Mar 6 16:58:32 UTC 2013
Johnny Hughes <johnny at centos.org>

On 03/06/2013 07:17 AM, Robert Moskowitz wrote:
> So I have this nice, simple web server up running.  Its purpose is to 
> allow me external testing with HIP, and to provide some files for 
> external distribution.  Of course, there it is sitting on port 80 and 
> the attacks are coming in per logwatch report.  Examples from the report 
> include:
>
>   Requests with error response codes
>      404 Not Found
>         //phpMyAdmin-2.5.1/scripts/setup.php: 1 Time(s)
>         //phpMyAdmin-2.5.4/scripts/setup.php: 1 Time(s)
>         //phpMyAdmin-2.5.5-pl1/scripts/setup.php: 1 Time(s)
>         //phpMyAdmin-2.5.5-rc1/scripts/setup.php: 1 Time(s)
>         //phpMyAdmin-2.5.5-rc2/scripts/setup.php: 1 Time(s)
>         /muieblackcat: 1 Time(s)
>         /myadmin/scripts/setup.php: 2 Time(s)
>         /mysql-admin/scripts/setup.php: 1 Time(s)
>         /mysql/scripts/setup.php: 1 Time(s)
>         /mysqladmin/scripts/setup.php: 2 Time(s)
>         /mysqlmanager/scripts/setup.php: 1 Time(s)
>
> Now these are only a few, though I am probably not being hit as hard as 
> others out there.
>
> My question is:
>
> Is there a way to shut this nonsense down?  Or because I am sending the 
> 404, I am doing all that is reasonable to do?
>
> I am wondering that if this list starts getting long, that is a lot of 
> logging and I probably don't need to log 404s?

There is also mod_security ...

http://people.centos.org/hughesjr/mod_security/

You can read about what it is here:

http://www.modsecurity.org/



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130306/850c14a0/attachment-0003.sig>