#1  
Old 20th July 2010, 21:50
mr_bo mr_bo is offline
Member
 
Join Date: Sep 2008
Posts: 35
Thanks: 7
Thanked 0 Times in 0 Posts
Question Website Security

I am running an ispc 3/Centos server and all is well except for Awstats on one of the domains is logging hits on:
Code:
/webmail/src/left_main.php
/webmail/src/right_main.php
/webmail/src/login.php
/webmail/src/webmail.php
/webmail/src/read_body.php
/webmail/src/compose.php
There is only 2 email accounts on this domain for which both have imap disabled and passwords have been changed, robots.txt is also covering these but still receiving 140 hits in 3 days!

Another domin is logging hits on:
Code:
/mysqladmin/scripts/setup.php
/phpmyadmin/scripts/setup.php
/phpMyAdmin/scripts/setup.php
Am I being targeted? Am I safe or should I be worried?

Thanks in advance.
Reply With Quote
Sponsored Links
  #2  
Old 21st July 2010, 13:43
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

You should keep an eye on it. If all hits come from the same IP, and this IP doesn't belong to any of your customers, you can block the IP.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 21st July 2010, 21:07
mr_bo mr_bo is offline
Member
 
Join Date: Sep 2008
Posts: 35
Thanks: 7
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
You should keep an eye on it. If all hits come from the same IP, and this IP doesn't belong to any of your customers, you can block the IP.
How do you block them?

And is this a good step to take? Given the centos firewall is off and the ispc firewall is on.

Last edited by mr_bo; 21st July 2010 at 22:13.
Reply With Quote
  #4  
Old 21st July 2010, 22:09
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,768
Thanks: 821
Thanked 5,331 Times in 4,183 Posts
Default

http://www.faqforge.com/linux/how-to...ress-on-linux/
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 21st July 2010, 23:54
mr_bo mr_bo is offline
Member
 
Join Date: Sep 2008
Posts: 35
Thanks: 7
Thanked 0 Times in 0 Posts
Default

Code:
/sbin/route add -host 192.168.0.123 reject
Ok, I just used this command on an ip.... a wrong ip Can it be reversed?
Reply With Quote
  #6  
Old 22nd July 2010, 14:56
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Try
Code:
/sbin/route del -host 192.168.0.123 reject
or reboot the system.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 23rd July 2010, 00:31
mr_bo mr_bo is offline
Member
 
Join Date: Sep 2008
Posts: 35
Thanks: 7
Thanked 0 Times in 0 Posts
 
Default

Thanks, the help you guys give here is invaluable
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
I need help to debug a slow website vtapas Server Operation 15 10th August 2011 10:50
No website folder created. holykim General 2 8th June 2010 15:48
Unable to install ISPConfig bdonecker Installation/Configuration 21 26th May 2009 08:20
cannot receive emails after made website online llamy General 20 27th December 2007 01:14


All times are GMT +2. The time now is 11:21.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.