[TriLUG] httpd probe issues

Ron Young ronyoung at nc.rr.com
Tue Aug 12 10:11:58 EDT 2008


Alan,

Thanks for all your help!  Here are the contents of my /etc/hosts.deny file:

#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
ALL : ALL


It has been this way for months.  No additions or deletions have been made
that I know of!?!?

-- 
Ron Young
919-621-9015


On Tue, Aug 12, 2008 at 9:58 AM, Alan Porter <porter at trilug.org> wrote:

>
> Take a look at DenyHosts.
>
> It looks at your logs to see who is attempting to connect.  I think,
> specifically, it looks for SSH attempts.  After a handful of incorrect
> guesses, it adds the source IP to /etc/hosts.deny.  It is also smart
> enough to clean up behind itself... removing entries after a period of
> time (days, weeks), if you like.
>
> It is also a good idea to add your home and work (and TriLUG) IPs to
> /etc/hosts.allow, just in case you're having a bad day with passwords.
> It really sucks to lock yourself out.
>
> I would not worry about people probing port 80.  I would make sure that
> any sensitive parts of my web space (like web admin tools, phpmyadmin,
> personal web mail, etc.) are behind an Apache HTTP auth prompt.
>
> Alan
>
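
The log-watching behaviour described in the quoted reply, as an added example that is not part of the original thread and is not DenyHosts' own code: count failed SSH logins per source IP, skip allowlisted addresses, add offenders past a threshold, and expire old entries. The log lines are constructed, and the function names, the threshold and the "sshd: IP" output form are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the style of sshd auth-log entries (not from the thread).
SAMPLE_LOG = """\
Aug 12 09:01:10 host sshd[2101]: Failed password for root from 203.0.113.7 port 4711 ssh2
Aug 12 09:01:12 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 4712 ssh2
Aug 12 09:01:15 host sshd[2103]: Failed password for root from 203.0.113.7 port 4713 ssh2
Aug 12 09:02:00 host sshd[2110]: Failed password for ron from 192.0.2.10 port 5000 ssh2
Aug 12 09:02:05 host sshd[2110]: Failed password for ron from 192.0.2.10 port 5001 ssh2
Aug 12 09:02:09 host sshd[2110]: Failed password for ron from 192.0.2.10 port 5002 ssh2
Aug 12 09:03:00 host sshd[2120]: Failed password for bob from 198.51.100.4 port 6000 ssh2
Aug 12 09:03:30 host sshd[2121]: Accepted password for ron from 192.0.2.10 port 5003 ssh2
"""

# Matches failed password attempts for both known and unknown ("invalid user") accounts.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) "
)

def failed_counts(log_text):
    """Count failed SSH password attempts per source IP."""
    matches = map(FAILED.search, log_text.splitlines())
    return Counter(m.group(1) for m in matches if m)

def update_deny(deny, log_text, allow, threshold, now):
    """Return a new deny map (ip -> time added) with offenders at or above threshold added.

    Addresses in `allow` are never added, so a bad day with passwords
    from a trusted address does not lock its owner out.
    """
    updated = dict(deny)
    for ip, attempts in failed_counts(log_text).items():
        if attempts >= threshold and ip not in allow:
            updated.setdefault(ip, now)  # keep the original timestamp if already listed
    return updated

def purge(deny, now, max_age):
    """Drop entries that have been listed for max_age seconds or longer."""
    return {ip: added for ip, added in deny.items() if now - added < max_age}

def render(deny):
    """Format entries as hosts.deny 'daemon: client' lines."""
    return [f"sshd: {ip}" for ip in sorted(deny)]
```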


