[TriLUG] httpd probe issues

Alan Porter porter at trilug.org
Tue Aug 12 09:58:57 EDT 2008


Take a look at DenyHosts.

It looks at your logs to see who is attempting to connect.  I think,
specifically, it looks for SSH attempts.  After a handful of incorrect
guesses, it adds the source IP to /etc/hosts.deny.  It is also smart
enough to clean up behind itself... removing entries after a period of
time (days, weeks), if you like.

It is also a good idea to add your home and work (and TriLUG) IPs to
/etc/hosts.allow, just in case you're having a bad day with passwords.
It really sucks to lock yourself out.

I would not worry about people probing port 80.  I would make sure that
any sensitive parts of my web space (like web admin tools, phpMyAdmin,
personal web mail, etc.) are behind an Apache HTTP auth prompt.

Alan
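
The behaviour described in the message above (count failed SSH logins per source address, skip allow-listed addresses, emit /etc/hosts.deny entries, expire them later), as an added Python example; it is not DenyHosts' own code and not part of the original message. The threshold of 5, the OpenSSH log format, the allow list modelled as a simple skip set, and all addresses are assumptions constructed for the example.

```python
import re
from collections import Counter

# Failed-login line in the usual OpenSSH syslog format. The pattern is anchored
# at the end of the line so the address comes from the field sshd itself
# writes, not from anything inside the attempted user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def _line(sec, user, ip):
    return (f"Aug 12 09:01:{sec:02d} host sshd[2101]: "
            f"Failed password for {user} from {ip} port {40000 + sec} ssh2")

# Constructed sample log (documentation addresses, not real hosts).
SAMPLE_LOG = "\n".join(
    [_line(s, "root", "203.0.113.7") for s in range(5)]            # at the threshold
    + [_line(s, "alan", "198.51.100.20") for s in range(10, 16)]   # over, but allow-listed
    + [_line(20, "invalid user test", "192.0.2.44")]               # a single miss
    + [_line(21, "invalid user x from 192.0.2.99", "192.0.2.44")]  # address-like user name
    + ["Aug 12 09:02:00 host sshd[2102]: Accepted password for alan "
       "from 198.51.100.20 port 40100 ssh2"]
)

def failures_by_ip(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            counts[m.group(1)] += 1
    return counts

def plan_denies(log_text, allow, threshold=5):
    """Addresses with >= threshold failures that are not on the allow list."""
    counts = failures_by_ip(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in allow)

def hosts_deny_lines(ips):
    """Render entries in hosts.deny (TCP wrappers) syntax for the sshd daemon."""
    return [f"sshd: {ip}" for ip in ips]

def purge(entries, now, max_age):
    """Drop deny entries older than max_age; entries maps ip -> time added."""
    return {ip: added for ip, added in entries.items() if now - added < max_age}

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(plan_denies(SAMPLE_LOG, allow={"198.51.100.20"}))))
```

Without the allow set, the address with six failures would be denied as well, which is the lock-yourself-out case the message warns about.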




