Re: [LUG] iptables and hackers
On Wed, 31 Aug 2011, Anthony Williams wrote:

On 30/08/11 21:19, Dave Morgan wrote:
taylorjoshu00@xxxxxxxxxxxxxx wrote:
I'm sure you can set fail2ban to look for errors in the apache log, would that help?

Thanks for the fail2ban stuff folks; my Apache logs have a lot of access attempts on various phpmyadmin URLs, so it's good to be able to filter out those attackers.


One thing to be aware of: fail2ban is a solution that follows the "closing the door after the horse has bolted" type of scenario. It will not catch the first (and possibly not the 2nd, 3rd, etc. depending on configuration) probe and if that first probe is the one that finds the vulnerability - zero-day exploit - then you've lost and they've gotten in.

It's probably more suited to reducing attacks like password guesses on ssh, telnet, ftp, pop, imap, etc. services than random URL probes at a web server. Even then, if your passwords are secure, all it's saving you is a tiny bit of bandwidth.

So don't use it as an excuse to not keep things patched and up to date. It's just one tool in an overall strategy.

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq