[TriLUG] httpd probe issues
ronyoung at nc.rr.com
Tue Aug 12 10:24:40 EDT 2008
My thanks to all for your input so far. I think the general consensus seems
to be that it never hurts to have two lines of defense...one on the
router/firewall and the second on the server itself in the form of iptables.
Looks like I have a lot more to learn about both and I welcome all your
assistance and suggestions as this learning is my daily delight!
Keep 'em coming!
On Tue, Aug 12, 2008 at 9:58 AM, Alan Porter <porter at trilug.org> wrote:
> Take a look at DenyHosts.
> It looks at your logs to see who is attempting to connect. I think,
> specifically, it looks for SSH attempts. After a handful of incorrect
> guesses, it adds the source IP to /etc/hosts.deny. It is also smart
> enough to clean up behind itself... removing entries after a period of
> time (days, weeks), if you like.
> It is also a good idea to add your home and work (and TriLUG) IPs to
> /etc/hosts.allow, just in case you're having a bad day with passwords.
> It really sucks to lock yourself out.
> I would not worry about people probing port 80. I would make sure that
> any sensitive parts of my web space (like web admin tools, phpmyadmin,
> personal web mail, etc) are behind an Apache HTTP auth prompt.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
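The approach described in the quoted reply (count failed SSH logins per source, deny after a handful, never deny allowlisted addresses, expire old entries), as an added sketch that is not part of the original thread and not DenyHosts' own code. The log lines, threshold, expiry period and function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import timedelta

# Anchored at end of line so the address comes from sshd's own trailing
# "from <ip> port <n> ssh2", not from attacker-chosen text in the username.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def failed_sources(log_lines):
    """Count failed SSH password attempts per valid source IP."""
    counts = Counter()
    for line in log_lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            continue  # not an IP address: ignore rather than guess
    return counts

def update_denied(denied, counts, allow, now, threshold=5):
    """Add offenders to denied {ip: first_denied}, skipping allowlisted networks."""
    nets = [ipaddress.ip_network(a) for a in allow]
    for ip, n in counts.items():
        addr = ipaddress.ip_address(ip)
        if n >= threshold and not any(addr in net for net in nets):
            denied.setdefault(ip, now)
    return denied

def purge(denied, now, max_age=timedelta(days=7)):
    """Drop entries older than max_age (the clean-up step)."""
    return {ip: t for ip, t in denied.items() if now - t < max_age}

def hosts_deny_lines(denied):
    """Render tcp_wrappers entries in the form used in /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in sorted(denied)]

# Constructed sample log (documentation-range addresses only).
SAMPLE = (
    [f"Aug 12 09:0{i}:01 host sshd[210{i}]: Failed password for invalid user admin "
     f"from 203.0.113.5 port 4{i}22 ssh2" for i in range(5)]
    + [f"Aug 12 09:1{i}:01 host sshd[220{i}]: Failed password for ron "
       f"from 198.51.100.7 port 5{i}22 ssh2" for i in range(6)]
    # Username crafted to contain a fake "from <ip>"; only the real source counts.
    + ["Aug 12 09:20:01 host sshd[2300]: Failed password for invalid user "
       "x from 192.0.2.9 port 1 ssh2 from 203.0.113.77 port 6022 ssh2"]
)
```

With `198.51.100.0/24` passed as the allowlist, the six failures from `198.51.100.7` do not produce a deny entry, which is the lock-out case the reply warns about.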