Matthew Nuzum wrote:
I've not looked into it, but it would be nice if there was some
*simple* to
maintain script that would detect these types of probes and
automatically
add the IP to hosts.deny and etc.
I found DenyHosts [1] which is a Python script you can run in daemon
mode (or a
G. Roderick Singleton wrote:
Another script I've found is Daemon Shield [2], but I haven't tried
it yet. Adds iptables rules for probing hosts. Any comments? Does
anyone know of better scripts?
Deamonshield works like a charm. If you check the forums there is a
patch to make it work under
On Fri, 2005-10-21 at 16:12 +0200, Nils Breunese (Lemonbit Internet)
wrote:
G. Roderick Singleton wrote:
Another script I've found is Daemon Shield [2], but I haven't tried
it yet. Adds iptables rules for probing hosts. Any comments? Does
anyone know of better scripts?
Deamonshield
G. Roderick Singleton wrote:
Deamonshield works like a charm. If you check the forums there is a
patch to make it work under RH7.3 provided you have python24
installed.
I don't believe it's available via yum, right?
Python24 is. Don't know about daemonshield as I did it from source and
Some time ago, I wrote a program in PHP that ran as a background task,
essentially grabbing the stdin from a
tail -f /var/log/httpd/access.log
It would scan each line of the input for certain patterns. EG: a certain # of
hits in the most recent 5 minutes, a bunch of others like known sploits
Am Fr, den 21.10.2005 schrieb Benjamin Smith um 21:22:
Some time ago, I wrote a program in PHP that ran as a background task,
essentially grabbing the stdin from a
tail -f /var/log/httpd/access.log
It would scan each line of the input for certain patterns. EG: a certain # of
hits in
Am Fr, den 21.10.2005 schrieb Alexander Dalloz um 21:28:
I feel mod-security - www.modsecurity.org - is the better approach. It
is available from centos.karan.org repo as an rpm.
*g* Forget about the second sentence ;} I thought to communicate on a
different list.
Alexander
Alexander
--
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
- -BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Everyone,
On 19-Oct-05 at about 1:00pm my time, someone from IP 194.150.85.114
accessed my web-server trying to access a file called
main.php in the following places:
194.150.85.114 - -
Am Do, den 20.10.2005 schrieb James Kosin um 17:57:
On 19-Oct-05 at about 1:00pm my time, someone from IP 194.150.85.114
accessed my web-server trying to access a file called
main.php in the following places:
194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] GET
/phpmyadmin/main.php HTTP/1.0
Another? Heck, that's old stuff from quite some time (Internet time)
ago. If I had a nickel for every invalid file access attempt. ;-)
-Jim P.
James Kosin wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
- -BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Everyone,
On
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Jim Popovitch wrote:
Another? Heck, that's old stuff from quite some time (Internet
time) ago. If I had a nickel for every invalid file access
attempt. ;-)
-Jim P.
James Kosin wrote:
--snip--
I'm not all that worried about invalid
On Thu, 20 Oct 2005 11:57:47 -0400 James Kosin wrote:
On 19-Oct-05 at about 1:00pm my time, someone from IP 194.150.85.114
accessed my web-server trying to access a file called
main.php in the following places:
[snip]
Of course, this attack fell on deaf ears on my server but, I'd
like
From: [EMAIL PROTECTED] [mailto:fedora-legacy-list-
[EMAIL PROTECTED] On Behalf Of Jim Popovitch
Sent: Thursday, October 20, 2005 11:59 AM
Subject: Re: Another security problem..
Another? Heck, that's old stuff from quite some time (Internet time)
ago. If I had a nickel for every invalid
Matthew Nuzum wrote:
But that's not my point... if you run a web-facing server there are some
plugins for nessus that cause it to search for known-vulnerable web
applications and such. It's a good idea to run it periodically so that you
can find if you're exposed before someone else does.
You
-Original Message-
From: [EMAIL PROTECTED] [mailto:fedora-legacy-list-
[EMAIL PROTECTED] On Behalf Of Jim Popovitch
Sent: Thursday, October 20, 2005 3:30 PM
To: Discussion of the Fedora Legacy Project
Subject: Re: Another security problem..
Matthew Nuzum wrote:
But that's
15 matches
Mail list logo