Hi. everybody.
Yesterday looking at access_log file at /etc/httpd/logs I found a ip address (that I blocked after this) trying a lot of server folders for example
cgi-bin/
cgi-sys/
nessus/
system/
etc, etc. Its a server scanning, Is there a way to prevent this kind of things with a firewall rule or software? Most of the commands were blocked by mod_Security and others directly gave 404 error cause they dont exist.
Also at access log sometimes appears /~user/ folders, like they are accessing using servername and user to see things. Do you recommend to disable ~ access ? Cause sometimes users use this when domains are not correctly propagated.
All of this seems that is done using port 80 scanning. But I would like to know a method to block lammers from scanning servers and prevent bandwidth consumption.
Thanks!
Yesterday looking at access_log file at /etc/httpd/logs I found a ip address (that I blocked after this) trying a lot of server folders for example
cgi-bin/
cgi-sys/
nessus/
system/
etc, etc. Its a server scanning, Is there a way to prevent this kind of things with a firewall rule or software? Most of the commands were blocked by mod_Security and others directly gave 404 error cause they dont exist.
Also at access log sometimes appears /~user/ folders, like they are accessing using servername and user to see things. Do you recommend to disable ~ access ? Cause sometimes users use this when domains are not correctly propagated.
All of this seems that is done using port 80 scanning. But I would like to know a method to block lammers from scanning servers and prevent bandwidth consumption.
Thanks!
