
12th April 2011, 23:06
HowtoForge Supporter
.htaccess file for main/default site.
Quick question folks,
I'm having tons, literally hundreds, of idiot scanners or whatever ping for various folders, especially phpmyadmin folders.
File does not exist: /var/www/pma
File does not exist: /var/www/myadmin
File does not exist: /var/www/phpmyadmin/ (insert various version numbers here)
For instance, 1 Chinese IP had 72 errors in about 10 seconds. I know it is not a lot of bandwidth or server usage, but I only host sites for my family and maybe one day I'll throw up my plating and jewelry on a site. But I will never be dealing with Chinese considering how cheap they plate and make jewelry for.
So I am wanting to use a .htaccess file to ban all bad IPs. I am assuming I put the file here:
/usr/local/ispconfig/interface/web
Correct?
Second question, how is the hierarchy or inheritance for things like .htaccess files?
Let's say I did the following:
Main Site where ISPConfig Control Panel is (server1.example.com:8080)
I put a file blocking all IPs but USA in /usr/local/ispconfig/interface/web
Sites 2,3,4,5 (familysite1.com familysite2.com familysite3.com etc etc)
This is a family site, we all are in the USA. Would I need a .htaccess file here in /var/www/web2, web3, web4 etc. too, or would it inherit from the main site?
Now let's say I put a site up with my plating and jewelry, and so now I want traffic from US, UK, Germany, France, yadda yadda. If I put a .htaccess file in here only blocking China, will it counter the above files?
Sorry if I didn't explain very well lol
Thanks as always,
Scott
Last edited by scottrill2; 12th April 2011 at 23:09.
Reason: Typo

13th April 2011, 08:46
Super Moderator
Quote:
/usr/local/ispconfig/interface/web
Correct?
First, you cannot add .htaccess files there, as overriding is not permitted for that directory for security reasons. The second thing is, this is the ispconfig folder which is only for the service on port 8080, so if your server gets scanned on port 80, then that's the wrong folder anyway.
You cannot block access to all sites from a single .htaccess file, you will have to add the .htaccess files into the web root directory of every site where you want to block access to, e.g. /var/www/web2/web/, /var/www/web3/web/ etc.

13th April 2011, 14:03
HowtoForge Supporter
How can I tell which port they are scanning?
Thx for response Till,
So I have a few more questions then.
[Tue Apr 12 23:01:11 2011] [error] [client 222.222.198.36] File does not exist: /var/www/config
Since these guys' errors don't show the port, is there a better log to read? A few days ago I had googled on how to put a .htaccess file in your /var/www directory and most info I found said not to place one in there, to instead:
"place it in the directory where the index.html or index.php you are trying to protect is located"
That's why I was asking about putting a .htaccess file into /usr/local/ispconfig/interface/web
So my questions would be:
1. What port are they getting these errors on based on the error above?
2. What folder do I put the .htaccess file in for the /var/www folder?
Thanks as always folks,
Scott

13th April 2011, 16:01
Super Moderator
Quote:
1. What port are they getting these errors on based on the error above?
80
Quote:
2. What folder do I put the .htaccess file in for the /var/www folder?
Answered that already above:
"You cannot block access to all sites from a single .htaccess file, you will have to add the .htaccess files into the web root directory of every site where you want to block access to, e.g. /var/www/web2/web/, /var/www/web3/web/ etc."

13th April 2011, 18:05
HowtoForge Supporter
A better explanation from me I hope lol
Hey Till, as always thanks for the reply,
I do apologize as I hate to make you repeat yourself, because I cannot explain myself correctly.
I'll give it another go.
1. I don't have any sites on this server at this time. My family sites are still on ISPConfig2, the version I started with. Right now the only site on ISPConfig 3 is the default site of the control panel.
2. In the error logs I am being scanned / bombarded by a bunch of IPs, mainly Chinese according to traceroute. The 3 logs I'm looking at are:
/var/log/apache2/error.log
/var/log/fail2ban.log
/var/log/auth.log
3. Fail2ban is working nice and hard banning tons of SSH failed logins etc.
4. The errors in the apache error log are like in the above post: "File does not exist: blah blah"
5. All the errors are based on the /var/www folder. For example, the folders being scanned / asked for by one Chinese IP:
/var/www/admin
/var/www/PMA2010
/var/www/Admin
/var/www/sql
/var/www/mail
/var/www/phpmyadmin
/var/www/PMA2006
/var/www/sqlmanager
/var/www/phpmyadmin-old
/var/www/pma2011
/var/www/phpmanager
/var/www/webadmin
/var/www/phpMyAdmin-2.8.0
/var/www/PMA2009
/var/www/phpMyAdmin-2
/var/www/sqlweb
/var/www/pma2005
/var/www/phpmyadmin2
/var/www/mysqlmanager
/var/www/PMA2005
/var/www/mysqladmin
/var/www/php-my-admin
/var/www/websql
/var/www/PMA
/var/www/myadmin
/var/www/mysql-admin
/var/www/pma2006
/var/www/phpmyadminold
/var/www/phpMyAdmin-2.8.2
/var/www/mysql
/var/www/phpMyAdmin2
/var/www/PMA2008
/var/www/webdb
So since I don't have any sites installed yet, I can't place one inside of /var/www/web3/web/ or the like. Once I transfer the sites over I will do that too.
I hope I explained it a little better or clearer. So for my questions I have:
1. How did you know the above error is port 80 since it didn't mention a port? Is it always port 80 unless the error log lists another port?
2. Since I don't have a site installed yet, what URL are they scanning to get these errors? Just the server1.example.com that the control panel is installed on?
3. For the default install "PREsites installed", how do I stop these scans for the root default site of the control panel?
Thanks as always folks,
Scott

13th April 2011, 18:26
Super Moderator
1) yes
2) The apache default vhost. You can add your banning rules there too instead of a .htaccess file if you don't run any websites.
3) These scans are harmless and happening on every server, just make sure you install updates regularly. You cannot really ban them as this would mean to deny access to regular requests as well.

13th April 2011, 19:09
HowtoForge Supporter
Thanks Till
Thanks as always for the info Till,
By apache default vhost you mean "/etc/apache2/sites-available/default" correct?
I understand they are harmless unless I am lax about updating etc. I guess I'm just too old and too stubborn lol. I have a hard enough time as it is reading through (let alone understanding) logs without seeing their crap lol
Thanks again sir, enjoy hump day!!
Scott

14th April 2011, 16:24
Super Moderator
Quote:
Originally Posted by scottrill2
By apache default vhost you mean "/etc/apache2/sites-available/default" correct?
Yes, that's right.
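
Added example (not code from any poster in this thread): a Python pass over Apache error.log lines in the format quoted above that separates a scan burst, like the "72 errors in about 10 seconds" in the first post, from a client that merely keeps requesting one missing file. The function names, the thresholds and the sample log (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache 2.2 error.log line shape, as quoted in the thread.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"File does not exist: (?P<path>\S+)")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"

def parse_line(line):
    """Return (timestamp, client_ip, path), or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return datetime.strptime(m["ts"], TS_FORMAT), m["ip"], m["path"]
    except ValueError:  # malformed timestamp
        return None

def find_scanners(lines, threshold=5, window_seconds=10):
    """Map each client that asked for >= threshold distinct missing paths
    within one window (lines in log order) to the sorted paths it probed."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> (timestamp, path) inside the window
    probed = defaultdict(set)    # ip -> every missing path requested
    flagged = set()
    for ts, ip, path in filter(None, map(parse_line, lines)):
        q = recent[ip]
        q.append((ts, path))
        while ts - q[0][0] > window:
            q.popleft()
        probed[ip].add(path)
        # Distinct paths, not raw hits: one broken link repeated is not a scan.
        if len({p for _, p in q}) >= threshold:
            flagged.add(ip)
    return {ip: sorted(probed[ip]) for ip in flagged}

# Constructed sample: 203.0.113.7 sweeps five admin paths in four seconds,
# 198.51.100.20 only keeps missing the same favicon.
SAMPLE_LOG = """\
[Tue Apr 12 23:01:11 2011] [error] [client 203.0.113.7] File does not exist: /var/www/pma
[Tue Apr 12 23:01:11 2011] [error] [client 203.0.113.7] File does not exist: /var/www/myadmin
[Tue Apr 12 23:01:12 2011] [error] [client 198.51.100.20] File does not exist: /var/www/favicon.ico
[Tue Apr 12 23:01:13 2011] [error] [client 203.0.113.7] File does not exist: /var/www/phpmyadmin
[Tue Apr 12 23:01:14 2011] [error] [client 203.0.113.7] File does not exist: /var/www/sql
[Tue Apr 12 23:01:15 2011] [error] [client 203.0.113.7] File does not exist: /var/www/webdb
[Tue Apr 12 23:01:40 2011] [error] [client 198.51.100.20] File does not exist: /var/www/favicon.ico
[Tue Apr 12 23:02:10 2011] [notice] caught SIGTERM, shutting down
"""
```

Calling `find_scanners(SAMPLE_LOG.splitlines())` flags only 203.0.113.7; on a real server the same function can be fed the lines of /var/log/apache2/error.log.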