Navigation

mr_bo · #1 20th July 2010, 21:50

I am running an ispc 3/Centos server and all is well except for Awstats on one of the domains is logging hits on:

Code:

/webmail/src/left_main.php
/webmail/src/right_main.php
/webmail/src/login.php
/webmail/src/webmail.php
/webmail/src/read_body.php
/webmail/src/compose.php

There is only 2 email accounts on this domain for which both have imap disabled and passwords have been changed, robots.txt is also covering these but still receiving 140 hits in 3 days!

Another domin is logging hits on:

Code:

/mysqladmin/scripts/setup.php
/phpmyadmin/scripts/setup.php
/phpMyAdmin/scripts/setup.php

Am I being targeted? Am I safe or should I be worried?

Thanks in advance.

falko · #2 21st July 2010, 13:43

You should keep an eye on it. If all hits come from the same IP, and this IP doesn't belong to any of your customers, you can block the IP.

mr_bo · #3 21st July 2010, 21:07

Quote:

Originally Posted by falko

You should keep an eye on it. If all hits come from the same IP, and this IP doesn't belong to any of your customers, you can block the IP.

How do you block them?

And is this a good step to take? Given the centos firewall is off and the ispc firewall is on.

till · #4 21st July 2010, 22:09

http://www.faqforge.com/linux/how-to...ress-on-linux/

mr_bo · #5 21st July 2010, 23:54

Code:

/sbin/route add -host 192.168.0.123 reject

Ok, I just used this command on an ip.... a wrong ip

Can it be reversed?

falko · #6 22nd July 2010, 14:56

Try

Code:

/sbin/route del -host 192.168.0.123 reject

or reboot the system.

mr_bo · #7 23rd July 2010, 00:31

Thanks, the help you guys give here is invaluable

Navigation

Facebook

News

Recent comments

Newsletter