On Thu, Jul 29, 2010 at 16:49, Sjors Gielen <[email protected]> wrote:
> > Op 29 jul 2010, om 16:34 heeft OLCESE, Marcelo Oscar. het volgende > geschreven: > > > Estimated: > > I am taking these scans in my hosts. (Debian 5.0 and Apache 2.2.9) > > This has been repeating since a weeks. > > Know what can be? What can I do to eliminate? > > > > Thanks. > > > > Marcelo Olcese. > > Someone is scanning your system for vulnerable PHPMyAdmin installations, > and other possibly vulnerable stuff. As long as you watch your PHPMyAdmin > installations if you have any and make sure nobody can abuse them, nothing's > wrong. Try, for example, requiring http authentication to access the > directories, or turning off your webserver if you didn't need it anyway. > > Sjors Hello, another option you could try is using package "fail2ban", and setting a threshold of several 404 errors and/or several 401 errors from a same IP. When this number of requests is seen, it creates a dynamic iptables rule that filters out traffic from that IP for a specified amount of time (configurable). Best Regards, -- Jonás Andradas Skype: jontux LinkedIn: http://www.linkedin.com/in/andradas GPG Fingerprint: 678F 7BD0 83C3 28CE 9E8F 3F7F 4D87 9996 E0C6 9372 Keyservers: pgp.mit.edu | pgp.rediris.es
