[TriLUG] httpd probe issues
porter at trilug.org
Tue Aug 12 09:58:57 EDT 2008
Take a look at DenyHosts.
It looks at your logs to see who is attempting to connect. I think,
specifically, it looks for SSH attempts. After a handful of incorrect
guesses, it adds the source IP to /etc/hosts.deny. It is also smart
enough to clean up behind itself... removing entries after a period of
time (days, weeks), if you like.
It is also a good idea to add your home and work (and TriLUG) IP's to
/etc/hosts.allow, just in case you're having a bad day with passwords.
It really sucks to lock yourself out.
I would not worry about people probing port 80. I would make sure that
any sensitive parts of my web space (like web admin tools, phpmyadmin,
personal web mail, etc) are behind an apache http auth prompt.
More information about the TriLUG