Stop the Hackers?

Discussion in 'Server Operation' started by ocweb, Jul 4, 2007.

  1. ocweb

    ocweb New Member

    Out of looking at my server error logs I thought to see if anyone has some ideas.

    I have had from 5 or so different ip addresses attempt to hit common urls in my server such as http://..../awstats and /admin etc.

    From what I can see all the attempts have had the appropriate ispconfig error page shown to them.

    My question is.... is there a script/plugin that can block repeated requests such as this from an ip address (ie ban the ip) e107 can do this on the website side of things but is there a ispconfig equivalent?
     
  2. falko

    falko Super Moderator ISPConfig Developer

  3. AlArenal

    AlArenal New Member

    I'd combine mod_security with fail2ban...
     
  4. ocweb

    ocweb New Member

    Thanks for the advice...I'll look into those options.

    Is it worthwhile sending an email to the abuse@ address? I am not sure of the protocol or even if that is worthwhile?

    Here is an extract from /etc/httpd/logs/error_log for a further understanding of the problem;

    [Sat Jun 30 13:41:51 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde
    [Sat Jun 30 13:41:51 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde0
    [Sat Jun 30 13:41:52 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde1
    [Sat Jun 30 13:41:52 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde2
    [Sat Jun 30 13:41:52 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde3
    [Sat Jun 30 13:48:42 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/thisdoesnotexistahaha.php

    Thanks..
     
  5. AlArenal

    AlArenal New Member

    Most of the times you won't get feedback, when reporting to the abuse address. Often you get an automatic reply, seldom you get personal feedback.

    If it has any effect at all? I don't know, but every compromised machine less is a good machine, so I just keep on sending mail.

    Basically, I just forward the fail2ban mail and add some standard text to it.
     
  6. ocweb

    ocweb New Member

    Thank again for the reply...I'll get my head around the ban script and do as you say with the emails.

    It would be nice to make a reverse hack but then we would be the same as them!!!!!

    Thanks all for your help.
     

Share This Page