Dark reading article on the proper port of SSH daemon.
Jose R R
jose.r.r at metztli.com
Tue Dec 9 06:13:53 UTC 2008
On Mon, Dec 8, 2008 at 9:43 PM, Nikolas Lam
<nlam87346 at library.usyd.edu.au> wrote:
> On Mon, 2008-12-08 at 21:31 -0800, Jose R R wrote:
> ...
>> I am also looking for insight/recommendations on an utility to stop
>> scraping/resource probing like abuses, where an given perpetrator will
>> start at the root of the web resources and continue for several
>> minutes traversing the whole site(s).
>
> Check out fail2ban - it monitors your logs and modifies your iptables
> entries to block likely abusers for a fixed period (all configurable).
> I've found it highly affective against bulk automated brute-force
> attacks.
>
> Nik
>
>
Thanks for pointing out my omission, Nik. I have enabled the
following sections in fail2ban jail.local configuration file and I
will continue monitoring closely.
[apache]
enabled = true
port = http
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6
[apache-noscript]
enabled = false
port = http
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 6
Regards.
--
Jose R R
http://www.metztli-it.com
More information about the redhat-list
mailing list