Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

access_log scanning security

Discussion in 'Security' started by bsasninja, Sep 20, 2007.

  1. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    527
    Likes Received:
    0
    Trophy Points:
    166
    Yesterday looking at access_log file at /etc/httpd/logs I found a ip address (that I blocked after this) trying a lot of server folders for example

    cgi-bin/
    cgi-sys/
    nessus/
    system/

    etc, etc. Its a server scanning, Is there a way to prevent this kind of things with a firewall rule or software? Most of the commands were blocked by mod_Security and others directly gave 404 error cause they dont exist.
    Also at access log sometimes appears /~user/ folders, like they are accessing using servername and user to see things. Do you recommend to disable ~ access ? Cause sometimes users use this when domains are not correctly propagated.

    All of this seems that is done using port 80 scanning. But I would like to know a method to block lammers from scanning servers and prevent bandwidth consumption.

    Thanks
     
  2. bin_asc

    bin_asc Well-Known Member

    Joined:
    Jul 18, 2005
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    166
    I got that too on all my servers, but I just blocked the ip in the firewall.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice