[TriLUG] httpd probe issues
ronyoung at nc.rr.com
Tue Aug 12 10:11:58 EDT 2008
Thanks for all your help! Here are the contents of my /etc/hosts.deny file:
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
ALL : ALL
It has been this way for months. No additions or deletions have been made
that I know of!?!?
On Tue, Aug 12, 2008 at 9:58 AM, Alan Porter <porter at trilug.org> wrote:
> Take a look at DenyHosts.
>
> It looks at your logs to see who is attempting to connect. I think,
> specifically, it looks for SSH attempts. After a handful of incorrect
> guesses, it adds the source IP to /etc/hosts.deny. It is also smart
> enough to clean up behind itself... removing entries after a period of
> time (days, weeks), if you like.
>
> It is also a good idea to add your home and work (and TriLUG) IPs to
> /etc/hosts.allow, just in case you're having a bad day with passwords.
> It really sucks to lock yourself out.
>
> I would not worry about people probing port 80. I would make sure that
> any sensitive parts of my web space (like web admin tools, phpmyadmin,
> personal web mail, etc) are behind an apache http auth prompt.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
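
The log-watching approach described in the quoted reply above, as an added Python example that is not part of the original thread and is not DenyHosts' own code: it counts failed sshd logins per source IP, skips allowlisted addresses, produces hosts.deny lines in TCP wrappers `daemon: client` syntax, and expires old entries. The sample log lines, the threshold of 3, and all function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation-range IPs, not from the thread).
SAMPLE_LOG = """\
Aug 12 09:01:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug 12 09:01:05 host sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug 12 09:01:09 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Aug 12 09:01:14 host sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Aug 12 09:02:30 host sshd[1210]: Failed password for invalid user guest from 198.51.100.9 port 5222 ssh2
Aug 12 09:02:41 host sshd[1211]: Failed password for root from 198.51.100.9 port 5230 ssh2
Aug 12 09:05:00 host sshd[1220]: Failed password for ron from 192.0.2.10 port 61000 ssh2
Aug 12 09:05:08 host sshd[1220]: Failed password for ron from 192.0.2.10 port 61000 ssh2
Aug 12 09:05:15 host sshd[1220]: Failed password for ron from 192.0.2.10 port 61000 ssh2
Aug 12 09:05:30 host sshd[1222]: Accepted password for ron from 192.0.2.10 port 61004 ssh2
"""

# Matches both "Failed password for root" and "Failed password for invalid user x".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) "
)

def offenders(log_text, threshold=3, allow=()):
    """Source IPs with at least `threshold` failures, minus allowlisted ones."""
    counts = Counter(m.group(1) for m in FAILED.finditer(log_text))
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in allow)

def deny_lines(ips):
    """Format entries the way tcpd reads them: daemon name, colon, client."""
    return [f"sshd: {ip}" for ip in ips]

def purge(entries, now, max_age):
    """Drop entries (ip -> time added) older than max_age, the clean-up step."""
    return {ip: t for ip, t in entries.items() if now - t <= max_age}

if __name__ == "__main__":
    # 192.0.2.10 stands in for a home/work address kept in the allowlist.
    for line in deny_lines(offenders(SAMPLE_LOG, allow={"192.0.2.10"})):
        print(line)
```

Without the allowlist, the user at 192.0.2.10 who mistyped a password three times before logging in would be blocked as well, which is the lockout case the reply warns about.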