Gentoo Forums
Apache2 deny hosts after repeated proxy attempts.
potuz
Guru

Joined: 30 Jan 2010
Posts: 378

Posted: Thu Nov 05, 2015 10:38 am    Post subject: Apache2 deny hosts after repeated proxy attempts.

Hello, I am very new to hosting a small website and am slowly reading through the documentation on Apache. I started the server after a basic setup and quickly after I found these kinds of appearances in the logs:
Code:
115.230.124.174 - - [05/Nov/2015:01:55:12 -0200] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.1499531140925143 HTTP/1.1" 403 280
5.196.75.95 - - [04/Nov/2015:23:02:10 -0200] "GET /muieblackcat HTTP/1.1" 404 275
5.196.75.95 - - [04/Nov/2015:23:02:10 -0200] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 291
5.196.75.95 - - [04/Nov/2015:23:02:11 -0200] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 291
5.196.75.95 - - [04/Nov/2015:23:02:11 -0200] "GET //pma/scripts/setup.php HTTP/1.1" 404 284
5.196.75.95 - - [04/Nov/2015:23:02:11 -0200] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 288
5.196.75.95 - - [04/Nov/2015:23:02:12 -0200] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 404 288
141.212.122.112 - - [04/Nov/2015:22:10:34 -0200] "CONNECT proxytest.zmap.io:80 HTTP/1.1" 405 302

which sound like a couple of spammers and perhaps some Windows Zombie in France looking for holes in my PHP conf. I figured I'd like to automatically block such attempts and thought of denyhosts. However, I stumbled upon this thread and realized that even my sshd was not being protected by denyhosts from brute-force attacks. So I am asking here specifically for Apache: how can I automatically add these hosts to a blacklist? And first, how can I have a blacklist?

Thanks
hdcg
n00b

Joined: 07 Apr 2013
Posts: 56

Posted: Fri Nov 06, 2015 6:07 am

Hi potuz,

Tools like fail2ban (https://packages.gentoo.org/packages/net-analyzer/fail2ban) are your friend here.

fail2ban monitors your logs, and in case of malicious messages a firewall rule is issued to keep the causing IP out.

Best Regards,
Holger
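
The log-matching half of what a tool like fail2ban does, shown as an added example (not part of any post in this thread and not fail2ban's own code): it classifies the access-log lines from the question and reports clients that exceed a retry threshold inside a time window. `OWN_HOSTS`, the probe-path pattern and the `maxretry`/`findtime` defaults are assumptions; the firewall step is left out.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

OWN_HOSTS = {"www.example.org"}  # assumption: the names this server really serves
PROBE_PATH = re.compile(r"muieblackcat|/scripts/setup\.php\b", re.I)
ABS_URI = re.compile(r"^[a-z][a-z0-9+.-]*://([^/?#:]*)", re.I)
LINE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# The first eight lines are the log lines quoted in the question; the last one is a
# constructed, harmless request that must not count against its client.
SAMPLE_LOG = """\
115.230.124.174 - - [05/Nov/2015:01:55:12 -0200] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.1499531140925143 HTTP/1.1" 403 280
5.196.75.95 - - [04/Nov/2015:23:02:10 -0200] "GET /muieblackcat HTTP/1.1" 404 275
5.196.75.95 - - [04/Nov/2015:23:02:10 -0200] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 291
5.196.75.95 - - [04/Nov/2015:23:02:11 -0200] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 291
5.196.75.95 - - [04/Nov/2015:23:02:11 -0200] "GET //pma/scripts/setup.php HTTP/1.1" 404 284
5.196.75.95 - - [04/Nov/2015:23:02:11 -0200] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 288
5.196.75.95 - - [04/Nov/2015:23:02:12 -0200] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 404 288
141.212.122.112 - - [04/Nov/2015:22:10:34 -0200] "CONNECT proxytest.zmap.io:80 HTTP/1.1" 405 302
192.0.2.10 - - [05/Nov/2015:02:00:00 -0200] "GET /favicon.ico HTTP/1.1" 404 209
"""

def classify(method, target, status):
    """Return 'proxy', 'probe' or None for one logged request."""
    absolute = ABS_URI.match(target)
    if method == "CONNECT" or (absolute and absolute[1].lower() not in OWN_HOSTS):
        return "proxy"   # CONNECT, or absolute-form URI naming someone else's host
    if status.startswith("4") and PROBE_PATH.search(target):
        return "probe"   # rejected request for a known scanner path
    return None

def hosts_to_ban(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Clients with at least maxretry suspicious requests inside one findtime window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and classify(m["method"], m["target"], m["status"]):
            hits[m["host"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))

    def burst(times):
        times = sorted(times)  # the quoted sample is not in chronological order
        return any(b - a <= findtime for a, b in zip(times, times[maxretry - 1:]))

    return {host for host, times in hits.items() if burst(times)}

if __name__ == "__main__":
    print(sorted(hosts_to_ban(SAMPLE_LOG)))
```

With these defaults only the client that requested six setup paths in two seconds is reported; the single proxy attempts need `maxretry=1` to trigger.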
Syl20
Guru

Joined: 04 Aug 2005
Posts: 551
Location: France

Posted: Fri Nov 06, 2015 4:19 pm

You should consider mod_security and mod_evasive too. :wink: