Answer information access_log scanning security

davidhan

Member
Sep 18, 2014
technewonline
cPanel Access Level
Website Owner
Hi, everybody.
Yesterday, looking at the access_log file at /etc/httpd/logs, I found an IP address (which I blocked after this) trying a lot of server folders, for example:

cgi-bin/
cgi-sys/
nessus/
system/

etc., etc. It's server scanning. Is there a way to prevent this kind of thing with a firewall rule or software? Most of the commands were blocked by mod_Security and others directly gave a 404 error because they don't exist.
Also, /~user/ folders sometimes appear in the access log, as if they are accessing using the server name and user to see things. Do you recommend disabling ~ access? Because sometimes users use this when domains are not correctly propagated.

All of this seems to be done using port 80 scanning. But I would like to know a method to block lamers from scanning servers and prevent bandwidth consumption.

Thanks!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

You can't really prevent anyone from trying to find exploits on your system, but you can implement tools such as Mod_Security and CSF to help block the attempts. You may also find the "Security Advisor" helpful for determining which settings to enable/disable:

"WHM Home » Security Center » Security Advisor"

Thank you.
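One way to pull the scanning clients described in this thread out of an access_log, as an added example that is not part of either post: it counts the distinct URLs per IP that were answered with 403 or 404 and lists /~user/ requests. The function names, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined format: IP ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')

# Assumption: a blocked or non-existent resource is logged as 403 or 404.
PROBE_STATUSES = {"403", "404"}

def find_scanners(lines, min_distinct_paths=4):
    """Return {ip: sorted distinct paths} for clients that requested at least
    min_distinct_paths different URLs answered with 403/404."""
    failed = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or empty request line: skip rather than guess
        ip, path, status = m.groups()
        if status in PROBE_STATUSES:
            failed[ip].add(path.split("?", 1)[0])  # ignore the query string
    return {ip: sorted(p) for ip, p in failed.items() if len(p) >= min_distinct_paths}

def userdir_hits(lines):
    """Return (ip, path) pairs for /~user/ style requests, whatever the status."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group(2).startswith("/~"):
            hits.append((m.group(1), m.group(2)))
    return hits

# Constructed sample lines using documentation-range IPs, not taken from the thread.
SAMPLE = [
    '203.0.113.7 - - [18/Sep/2014:10:00:01 +0000] "GET /cgi-bin/ HTTP/1.1" 403 210 "-" "-"',
    '203.0.113.7 - - [18/Sep/2014:10:00:01 +0000] "GET /cgi-sys/ HTTP/1.1" 403 210 "-" "-"',
    '203.0.113.7 - - [18/Sep/2014:10:00:02 +0000] "GET /nessus/ HTTP/1.1" 404 198 "-" "-"',
    '203.0.113.7 - - [18/Sep/2014:10:00:02 +0000] "GET /system/ HTTP/1.1" 404 198 "-" "-"',
    '203.0.113.7 - - [18/Sep/2014:10:00:03 +0000] "GET /~alice/ HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.20 - - [18/Sep/2014:10:01:00 +0000] "GET / HTTP/1.1" 200 4096 "-" "-"',
    '198.51.100.20 - - [18/Sep/2014:10:01:01 +0000] "GET /favicon.ico HTTP/1.1" 404 198 "-" "-"',
    '192.0.2.9 - - [18/Sep/2014:10:02:00 +0000] "-" 408 - "-" "-"',
]

if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE).items():
        print(ip, len(paths), "distinct failed paths:", ", ".join(paths))
    for ip, path in userdir_hits(SAMPLE):
        print("userdir request:", ip, path)
```

A visitor with a single missing favicon stays below the threshold, so only the client walking many absent or blocked folders is reported.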