[LUG] iptables and hackers

 

Hi all, hope you all had a good Bank hols,

Now I have the router open to the Internet....

What dynamic firewall rules sw would you recommend to stop these sorts
of attempts?

00.206.117.22 - - [29/Aug/2011:12:48:42 +0100]
"GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 488 "-"
"ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:43 +0100]
"GET /3rdparty/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:43 +0100]
"GET /admin/mysql/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:44 +0100]
"GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:45 +0100]
"GET /admin/pma/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:45 +0100]
"GET /_admin/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:46 +0100]
"GET /admin/scripts/setup.php HTTP/1.1" 404 474 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:47 +0100] "GET
admin/scripts/setup.php HTTP/1.1" 400 472 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:47 +0100]
"GET /admm/scripts/setup.php HTTP/1.1" 404 473 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:48 +0100]
"GET /admn/scripts/setup.php HTTP/1.1" 404 473 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:48 +0100]
"GET /backup/phpmyadmin/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:49 +0100]
"GET /backup/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:53 +0100]
"GET /bkup/phpmyadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:53 +0100]
"GET /bkup/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:54 +0100]
"GET /cpadmindb/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:54 +0100]
"GET /cpadmin/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:56 +0100]
"GET /cpanelmysql/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:56 +0100]
"GET /cpanelphpmyadmin/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:57 +0100]
"GET /cpanelsql/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:58 +0100]
"GET /cpdbadmin/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:58 +0100]
"GET /cpphpmyadmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:59 +0100]
"GET /databaseadmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:48:59 +0100]
"GET /dbadmin/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:00 +0100]
"GET /db/scripts/setup.php HTTP/1.1" 404 471 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:01 +0100]
"GET /myadmin/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:01 +0100]
"GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:02 +0100]
"GET /mysqladminconfig/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:03 +0100]
"GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:03 +0100]
"GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:05 +0100]
"GET /MySQLAdmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:05 +0100]
"GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:06 +0100]
"GET /mysql/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:06 +0100]
"GET /phpadmin/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:07 +0100]
"GET /phpmanager/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:08 +0100]
"GET /phpm/scripts/setup.php HTTP/1.1" 404 473 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:08 +0100]
"GET /phpmyadmin1/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
200.206.117.22 - - [29/Aug/2011:12:49:09 +0100]
"GET /phpMyAdmin1/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"

Obviously 200.206.117.22 is now blocked, but can I have something which
looks at the 404, or wherever 479 is, and says "no page found", so they
are opportunist hackers and we will block them?

-- 
________________________________________________________________________

Regards

Kevin Lucas
Minions Post Master(Sub) 
sip:kevin.lucas@xxxxxxxxx
www.minionsbandb.co.uk
www.tearooms.minionsbandb.co.uk
FaceBook Minions_shop
Po House, Minions,
Liskeard Cornwall 
PL14 5LE
01579363386


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
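
The check asked about in the post above, as an added example that is not part of the original message: count 404/400 replies per client per minute in an Apache combined-format access log and print (not run) an iptables DROP rule for each client that reaches a threshold. The function names, the threshold of 5, the allow-list and the sample log lines are assumptions made for this sketch; the log is assumed to hold one entry per line.

```sh
#!/bin/sh
# Added example: flag clients that earn many 404/400 replies within one minute.

# Constructed sample log (documentation-range addresses), one entry per line.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [29/Aug/2011:12:48:42 +0100] "GET /a/scripts/setup.php HTTP/1.1" 404 488 "-" "ZmEu"
203.0.113.7 - - [29/Aug/2011:12:48:43 +0100] "GET /b/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
203.0.113.7 - - [29/Aug/2011:12:48:44 +0100] "GET c/scripts/setup.php HTTP/1.1" 400 472 "-" "ZmEu"
203.0.113.7 - - [29/Aug/2011:12:48:45 +0100] "GET /d/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
203.0.113.7 - - [29/Aug/2011:12:48:46 +0100] "GET /e/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
198.51.100.20 - - [29/Aug/2011:12:48:47 +0100] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.20 - - [29/Aug/2011:12:48:48 +0100] "GET /favicon.ico HTTP/1.1" 404 470 "-" "Mozilla/5.0"
EOF
}

# find_scanners [THRESHOLD]: read a log on stdin, print offending IPv4 addresses.
find_scanners() {
    threshold="${1:-5}"      # 404/400 replies in one minute that count as a scan
    awk -v limit="$threshold" '
        # Skip anything whose first field is not a dotted quad, so log content
        # can never end up inside a firewall command.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        {
            # The status code is the first word after the quoted request line.
            if (split($0, q, "\"") < 3) next
            split(q[3], rest, " ")
            if (rest[1] != 404 && rest[1] != 400) next
            # $4 looks like "[29/Aug/2011:12:48:42"; keep "29/Aug/2011:12:48".
            minute = substr($4, 2, 17)
            if (++hits[$1 SUBSEP minute] == limit) offenders[$1] = 1
        }
        END { for (ip in offenders) print ip }
    ' | sort
}

# block_commands "ALLOW LIST": turn addresses on stdin into iptables commands,
# skipping any address in the space-separated allow-list (e.g. your own hosts).
block_commands() {
    allow=" $1 "
    while read -r ip; do
        case "$allow" in *" $ip "*) continue ;; esac
        printf 'iptables -I INPUT -s %s -p tcp --dport 80 -j DROP\n' "$ip"
    done
}

sample_log | find_scanners 5 | block_commands "192.0.2.1"
```

Counting per calendar minute is a fixed window, so a burst that straddles a minute boundary is split across two counters. Log-watching tools such as fail2ban apply the same pattern and also remove the block again after a timeout.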