[TriLUG] httpd probe issues
Alan Porter
porter at trilug.org
Tue Aug 12 09:58:57 EDT 2008
Take a look at DenyHosts.
It looks at your logs to see who is attempting to connect. I think,
specifically, it looks for SSH attempts. After a handful of incorrect
guesses, it adds the source IP to /etc/hosts.deny. It is also smart
enough to clean up behind itself... removing entries after a period of
time (days, weeks), if you like.
It is also a good idea to add your home and work (and TriLUG) IP's to
/etc/hosts.allow, just in case you're having a bad day with passwords.
It really sucks to lock yourself out.
I would not worry about people probing port 80. I would make sure that
any sensitive parts of my web space (like web admin tools, phpmyadmin,
personal web mail, etc) are behind an apache http auth prompt.
Alan
.
More information about the TriLUG
mailing list