How many attack attempts do you get to your server per day?
Posted by jailbird2, 08-22-2007, 02:29 PM |
Yo!
I went to my Apache error log today, and noticed that those scum lowlife hackers are trying to hack my server at least 100 times every day!!!
What a disaster!
Examples of URLs they are trying to use:
- http://usuarios.arnet.com.ar/larry123/safe.txt?
- http://uploaded.justfree.com/id.txt?
- http://nukedclx.info/php/base
Is there anything that can be done to prevent this mor*** from even trying to hack (except putting a bullet in his/their head)?
Regards
jailbird2
|
Posted by Patrick, 08-22-2007, 02:34 PM |
Do you have any mod_security rules set up?
Most of the attempts you will find are file inclusion exploits (like the ones above) and SQL injection exploits.
|
Posted by cuantica, 08-22-2007, 02:36 PM |
Would you like to be nominated for the peace corps jailbird?
I think it would be useful to run mod_security, but I found the rules setup very confusing; it would be great if there were a builder to write and test rules before placing them in production.
|
Posted by jailbird2, 08-22-2007, 02:42 PM |
Peace corps! Absolutely! Count me in!
Yep, use mod security, safe mode on, disabled symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshellarg,escapeshellcmd etc... but this is kinda scary anyway!
|
Posted by ximi, 08-22-2007, 02:51 PM |
The only thing I suggest is anger management or not looking at those log files. It'll help your blood pressure.
|
Posted by jailbird2, 08-22-2007, 02:57 PM |
I am not angry and do not have problems with blood pressure at all! This was not anger in my first post! I would say I am cold blooded, if you know what I mean.
|
Posted by Patrick, 08-22-2007, 02:57 PM |
Even though you have mod_security installed, have you manually added any rules to it?
|
Posted by jailbird2, 08-22-2007, 03:05 PM |
Yep, my hardening admin did that... even my PHP scripts do not work completely...
|
Posted by ximi, 08-22-2007, 03:08 PM |
I'm just kidding. I know I didn't have any blood pressure issues when I lived in Pula. (love the beach)
|
Posted by mrjit, 08-22-2007, 03:10 PM |
Natural part of webhosting.
They typically come in waves, either when a new worm is out creating zombie PCs or someone just wants in.
You should see some of the logs from major porn sites I have. Tens of thousands a day.
|
Posted by jailbird2, 08-22-2007, 03:20 PM |
That is what interests me, how things are going with other server owners... you have a serious job in protecting your servers with that amount of attack attempts!
|
Posted by BigGorilla, 08-22-2007, 03:50 PM |
Most of them are automated scripts. If you keep your server up to date and secured, you generally won't have to worry about them. The worst they'll do is eat up some extra log space.
|
Posted by jailbird2, 08-22-2007, 04:03 PM |
I hope you are right, man!
|
Posted by mrjit, 08-22-2007, 04:12 PM |
A lot of the time you'll notice a huge majority of attacks coming from the same country; then I'd recommend deciding if it's worth blocking that range completely.
|
Posted by sprintserve, 08-23-2007, 02:28 AM |
You can actually have Mod_security log without blocking. This is how you test it in the production environment.
|
Posted by david510, 08-23-2007, 02:46 AM |
Tighten the mod_sec rules. Check the third-party scripts installed on the server and make sure all are updated to the latest version. Check the stats pages of the affected domains and block all suspicious IPs. Run utilities such as logwatch and block all failed login IPs. Run chkrootkit and rkhunter on the server.
|
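Added example, not part of the thread: a small log counter for the file-inclusion probes discussed above, tallying requests per day and per client IP where a query parameter carries a remote URL. It assumes the Apache "combined" access-log format; the sample lines, IP addresses and hostnames are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache "combined" access-log format is assumed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} ')
# A query parameter whose value is itself a remote URL is the
# file-inclusion probe pattern described in the thread.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def rfi_params(target):
    """Return the names of query parameters that carry a remote URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        if REMOTE_RE.match(value) or REMOTE_RE.match(unquote(value)):
            hits.append(name)
    return hits

def summarize(lines):
    """Count probe requests per calendar day and per client IP."""
    per_day, per_ip = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and rfi_params(m.group("target")):
            per_day[m.group("day")] += 1
            per_ip[m.group("ip")] += 1
    return per_day, per_ip

# Constructed sample lines: documentation IP ranges and example.net hosts.
SAMPLE = [
    '192.0.2.10 - - [22/Aug/2007:14:01:07 +0200] "GET /index.php?page=http://files.example.net/id.txt? HTTP/1.1" 404 312 "-" "-"',
    '192.0.2.10 - - [22/Aug/2007:14:01:09 +0200] "GET /view.php?inc=http%3A%2F%2Ffiles.example.net%2Fsafe.txt%3F HTTP/1.1" 404 310 "-" "-"',
    '198.51.100.7 - - [22/Aug/2007:15:20:44 +0200] "GET /search.php?q=mod_security+rules HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [23/Aug/2007:02:11:30 +0200] "GET /index.php?page=news&id=4 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [23/Aug/2007:03:40:02 +0200] "GET /gallery.php?dir=ftp://files.example.net/base HTTP/1.0" 404 298 "-" "-"',
]

if __name__ == "__main__":
    per_day, per_ip = summarize(SAMPLE)
    for day, n in sorted(per_day.items()):
        print(f"{day}: {n} probe(s)")
    for ip, n in per_ip.most_common():
        print(f"{ip}: {n} probe(s)")
```

A parameter that legitimately carries a URL, such as a redirect target, is counted too, so review the reported parameter names before blocking on the totals.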