[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: scans in my hosts. (Debian 5.0 and Apache 2.2.9)

On Thu, Jul 29, 2010 at 16:49, Sjors Gielen <mailinglist@dazjorz.com> wrote:

Op 29 jul 2010, om 16:34 heeft OLCESE, Marcelo Oscar. het volgende geschreven:

> Estimated:
> I am taking these scans in my hosts. (Debian 5.0 and Apache 2.2.9)
> This has been repeating since a  weeks.
> Know what can be? What can I do to eliminate?
>
> Thanks.
>
> Marcelo Olcese.

Someone is scanning your system for vulnerable PHPMyAdmin installations, and other possibly vulnerable stuff. As long as you watch your PHPMyAdmin installations if you have any and make sure nobody can abuse them, nothing's wrong. Try, for example, requiring http authentication to access the directories, or turning off your webserver if you didn't need it anyway.

Sjors

Hello,

another option you could try is using package "fail2ban", and setting a threshold of several 404 errors and/or several 401 errors from a same IP. When this number of requests is seen, it creates a dynamic iptables rule that filters out traffic from that IP for a specified amount of time (configurable).

Best Regards,

--
Jonás Andradas

Skype: jontux
LinkedIn: http://www.linkedin.com/in/andradas
GPG Fingerprint:  678F 7BD0 83C3 28CE 9E8F
                           3F7F 4D87 9996 E0C6 9372
Keyservers:  pgp.mit.edu | pgp.rediris.es

Reply to: