[TriLUG] httpd probe issues

Ron Young ronyoung at nc.rr.com
Tue Aug 12 10:24:40 EDT 2008


All,

My thanks to all for your input so far.  I think the general consensus seems
to be that it never hurts to have two lines of defense...one on the
router/firewall and the second on the server itself in the form of iptables.

Looks like I have lot more to learn about both and I welcome all your
assistance and suggestions as this learning is my daily delight!

Keep 'em coming!

-- 
Ron Young
919-621-9015

On Tue, Aug 12, 2008 at 9:58 AM, Alan Porter <porter at trilug.org> wrote:

>
> Take a look at DenyHosts.
>
> It looks at your logs to see who is attempting to connect.  I think,
> specifically, it looks for SSH attempts.  After a handful of incorrect
> guesses, it adds the source IP to /etc/hosts.deny.  It is also smart
> enough to clean up behind itself... removing entries after a period of
> time (days, weeks), if you like.
>
> It is also a good idea to add your home and work (and TriLUG) IP's to
> /etc/hosts.allow, just in case you're having a bad day with passwords.
> It really sucks to lock yourself out.
>
> I would not worry about people probing port 80.  I would make sure that
> any sensitive parts of my web space (like web admin tools, phpmyadmin,
> personal web mail, etc) are behind an apache http auth prompt.
>
> Alan
>
>
>
>
>
> .
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>



More information about the TriLUG mailing list