The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

access_log scanning security

Discussion in 'Security' started by bsasninja, Sep 20, 2007.

  1. bsasninja

    bsasninja Well-Known Member

    Joined:
    Sep 2, 2004
    Messages:
    528
    Likes Received:
    0
    Trophy Points:
    16
    Yesterday looking at access_log file at /etc/httpd/logs I found a ip address (that I blocked after this) trying a lot of server folders for example

    cgi-bin/
    cgi-sys/
    nessus/
    system/

    etc, etc. Its a server scanning, Is there a way to prevent this kind of things with a firewall rule or software? Most of the commands were blocked by mod_Security and others directly gave 404 error cause they dont exist.
    Also at access log sometimes appears /~user/ folders, like they are accessing using servername and user to see things. Do you recommend to disable ~ access ? Cause sometimes users use this when domains are not correctly propagated.

    All of this seems that is done using port 80 scanning. But I would like to know a method to block lammers from scanning servers and prevent bandwidth consumption.

    Thanks
     
  2. bin_asc

    bin_asc Well-Known Member

    Joined:
    Jul 18, 2005
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    16
    I got that too on all my servers, but I just blocked the ip in the firewall.
     
Loading...
Similar Threads - access_log scanning security
  1. keat63
    Replies:
    4
    Views:
    118
  2. Mr_Kings
    Replies:
    5
    Views:
    641
  3. frigid
    Replies:
    12
    Views:
    750

Share This Page