Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 12th April 2011, 23:06
scottrill2 scottrill2 is offline
HowtoForge Supporter
 
Join Date: Dec 2009
Posts: 93
Thanks: 21
Thanked 2 Times in 1 Post
Default .htacess file for main /default site.

Quick question folks,

I'm having tons, literally hundreds of idiot scanners or whatever ping for various folders. Especially phpmyadmin folders.


File does not exist: /var/www/pma
File does not exist: /var/www/myadmin
File does not exist: /var/www/phpmyadmin/ (insert various version numbers here)


For instance 1 Chinese IP had 72 errors in about 10 seconds. I know it is not alot of bandwidth or server usage, but I only host sites for my family and maybe one day Ill throw up my plating and jewelry on a site. But I will never be dealing with Chinese considering how cheap they plate and make jewelry for.


So I am wanting to use a .htaccess file to ban all bad IP's . I am assuming I put the file here:

/usr/local/ispconfig/interface/web

Correct?

Second question, how is the hierarchy or inheritance for things like .htacess files?

Lets say I did the following:

Main Site where ISPConfig Control Panel is (server1.example.com:8080)
I put a file blocking all IPs but USA in......../usr/local/ispconfig/interface/web

Sites 2,3,4,5 (familysite1.com familysite2.com familysite3.com etc etc)

This is a family site we all are in the USA, would I need a .htacess file here in /var/www/web2, web3, web 4 etc too or would it inherit main site?

Now lets say I put a site up with my plating and jewelry and so now I want traffic from US, UK, Germany, France yadda yadda If I put a .htaccess file in here only blocking China will it counter the above files?

Sorry if I didnt explain very well lol

Thanks as always,

Scott

Last edited by scottrill2; 12th April 2011 at 23:09. Reason: Typo
Reply With Quote
Sponsored Links
  #2  
Old 13th April 2011, 08:46
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,460
Thanks: 813
Thanked 5,240 Times in 4,108 Posts
Default

Quote:
/usr/local/ispconfig/interface/web
Correct?
First, you can not add .htaccess files there, as overriding is not permitted for that directory for security reasons. The second thing is, this is the ispconfig folder which is only for the service on port 8080, so if your server gets scanned on port 80, then thats the wrong folder anyway.

You can not block access to all sites from a single .htaccess file, you will have to add the .htaccess files into the web root diretory of every site where you want to block access to, e.g. /var/www/web2/web/, /var/www/web3/web/ etc.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 13th April 2011, 14:03
scottrill2 scottrill2 is offline
HowtoForge Supporter
 
Join Date: Dec 2009
Posts: 93
Thanks: 21
Thanked 2 Times in 1 Post
Default How can I tell which port they are scanning?

Thx for response Till,

So I have a few more questions then.

[Tue Apr 12 23:01:11 2011] [error] [client 222.222.198.36] File does not exist: /var/www/config


Since these guys's errors don't show the port is there a better log to read? A few days ago I had googled on how to put a .htaccess file in your /var/www directory and most info I found said not to place one in there, to instead:

"place it in the directory where the index.html or index.php you are trying to protect is located"


Thats why I was asking about putting a .htacess file into /usr/local/ispconfig/interface/web


So my questions would be:

1. What port is are they getting these errors on based on the error above?

2. What folder do I put the .htacess file in for the /var/www folder?


Thanks as always folks,

Scott
Reply With Quote
  #4  
Old 13th April 2011, 16:01
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,460
Thanks: 813
Thanked 5,240 Times in 4,108 Posts
Default

Quote:
1. What port is are they getting these errors on based on the error above?
80

Quote:
2. What folder do I put the .htacess file in for the /var/www folder?
Answered that already above:

"You can not block access to all sites from a single .htaccess file, you will have to add the .htaccess files into the web root diretory of every site where you want to block access to, e.g. /var/www/web2/web/, /var/www/web3/web/ etc."
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 13th April 2011, 18:05
scottrill2 scottrill2 is offline
HowtoForge Supporter
 
Join Date: Dec 2009
Posts: 93
Thanks: 21
Thanked 2 Times in 1 Post
Default A better explanation from me I hope lol

Hey Till as always thanks for the reply,


I do apologize as I hate to make you repeat yourself, because I can not explain myself correctly.

Ill give it another go.

1. I don't have any sites on this server at this time. My family sites are still on ISPConfig2, the version I started with. Right now the only site on ISPConfig 3 is the default site of the control panel.


2.In error logs I am being scanned / bombarded by a bunch of IP's mainly Chinese according to trace route. The 3 logs Im looking at are:

/var/log/apache2/error.log
/var/log/fail2ban.log
/var/log/auth.log


3. Fail2ban is working nice and hard banning tons of SSH failed log ins etc.


4. The errors in apache error log are like in the above post "File does not exist: blah blah"


5. All the errors are based on the /var/www folder example the folders being scanned asked for of one Chinese IP:

/var/www/admin
/var/www/PMA2010
/var/www/Admin
/var/www/sql
/var/www/mail
/var/www/phpmyadmin
/var/www/PMA2006
/var/www/sqlmanager
/var/www/phpmyadmin-old
/var/www/pma2011
/var/www/phpmanager
/var/www/webadmin
/var/www/phpMyAdmin-2.8.0
/var/www/PMA2009
/var/www/phpMyAdmin-2
/var/www/sqlweb
/var/www/pma2005
/var/www/phpmyadmin2
/var/www/mysqlmanager
/var/www/PMA2005
/var/www/mysqladmin
/var/www/php-my-admin
/var/www/websql
/var/www/PMA
/var/www/myadmin
/var/www/mysql-admin
/var/www/pma2006
/var/www/phpmyadminold
/var/www/phpMyAdmin-2.8.2
/var/www/mysql
/var/www/phpMyAdmin2
/var/www/PMA2008
/var/www/webdb


So since I dont have any sites installed yet I cant place one inside of /var/www/web3/web/ or the like. Once I transfer the sites over I will do that too.

I hope I explined it a little better or clearer. So for my questions I have:


1. How did you know the above error is port 80 since it didn't mention a port? Is it always port 80 unless the error log lists another port?


2. Since I don't have a site installed yet, what URL are they scanning to get this errors? Just the server1.example.com that the control panel is installed on?


3. For the default install "PREsites installed" how do I stop these scans for the root default site of the control panel?


Thanks as always folks,

Scott
Reply With Quote
  #6  
Old 13th April 2011, 18:26
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,460
Thanks: 813
Thanked 5,240 Times in 4,108 Posts
Default

1) yes
2) The apache default vhost. You can add your banning rules there too instead of a .htaccess file if you dont run any websites.
3) These scans are harmless and happening on every server, just make sure you install updates regularily. You can not really ban them as this would man to deny access to regular requests as well.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
scottrill2 (13th April 2011)
  #7  
Old 13th April 2011, 19:09
scottrill2 scottrill2 is offline
HowtoForge Supporter
 
Join Date: Dec 2009
Posts: 93
Thanks: 21
Thanked 2 Times in 1 Post
Default Thanks Till

Thanks as always for the info Till,

By apache default vhost you mean "/etc/apache2/sites-available/default" correct?


I understand they are harmless unless I am lax about updating etc. I guess Im just too old and too stubborn lol I have a hard enough time as it is reading through (let alone understanding) logs without seeing their crap lol



Thanks again sir, enjoy hump day!!


Scott
Reply With Quote
  #8  
Old 14th April 2011, 16:24
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,727 Times in 2,565 Posts
 
Default

Quote:
Originally Posted by scottrill2 View Post
By apache default vhost you mean "/etc/apache2/sites-available/default" correct?
Yes, that's right.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
scottrill2 (15th April 2011)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Webmin upgrade lishaw1968 Installation/Configuration 15 26th August 2010 15:23
Can't access to my website - after install problem pallermo Installation/Configuration 18 4th June 2010 13:29
libWand.so.10 error Taxick Installation/Configuration 8 3rd May 2009 01:27
drbd error -115 anandx Installation/Configuration 15 26th April 2009 19:16
Systemimager (rsync) doesn't copy all comedit HOWTO-Related Questions 11 19th January 2007 17:17


All times are GMT +2. The time now is 12:30.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.