Block script hack attempts

ricky42
Junior Member
Posts: 5
Joined: 16 Jun 2010, 15:17

Post by ricky42 »

Hi,
Not sure if this is already part of csf... logwatch is sending me daily reports about possible intruders trying to access popular scripts like phpMyAdmin (/PHPMYADMIN/config/config.inc.php?p=phpinfo();, /dbadmin/config/config.inc.php?p=phpinfo();) from 193.170.124.252, or /admin/phpmyadmin/main.php, /phpMyAdmin-2.5.6/main.php etc. from 173.203.72.5, and /w00tw00t.at.ISC.SANS.DFind from various IP addresses.

Is there a way that I can automatically block these types of attempts? Like a keyword (file/directory) in the URL triggers the IP block. I know for sure which are my URLs. If somebody else is trying to access non-existent URLs, it must be a hack attempt.

chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

You should really look into using ModSecurity to trap web server related issues. The http://gotroot.com rules are an excellent starting point.
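
The keyword-in-URL trigger the question asks about, as an added example that is not part of the original thread and is not csf or ModSecurity code. The function name, the threshold, the 4xx filter and the sample log lines (documentation-range IPs) are assumptions constructed for illustration; the probe patterns come from the paths quoted in the question.

```python
import re
from collections import Counter

# Probe signatures built from the paths quoted in the question (case-insensitive).
PROBE_RE = re.compile(
    r"/w00tw00t\.at\.ISC\.SANS\.DFind"
    r"|/(?:phpmyadmin|dbadmin)(?:-[\d.]+)?/"
    r"|config\.inc\.php\?p=phpinfo",
    re.IGNORECASE,
)

# Apache common/combined log format: client IP, requested URI, response status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:[A-Z]+) (\S+)[^"]*" (\d{3})')

# Constructed sample access log; not taken from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Jun/2010:10:01:02 +0000] "GET /PHPMYADMIN/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 210
203.0.113.7 - - [16/Jun/2010:10:01:03 +0000] "GET /dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 210
198.51.100.23 - - [16/Jun/2010:10:05:10 +0000] "GET /admin/phpmyadmin/main.php HTTP/1.1" 404 208
198.51.100.23 - - [16/Jun/2010:10:05:11 +0000] "GET /phpMyAdmin-2.5.6/main.php HTTP/1.1" 404 208
198.51.100.23 - - [16/Jun/2010:10:05:12 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226
192.0.2.10 - - [16/Jun/2010:10:07:00 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.10 - - [16/Jun/2010:10:07:05 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 4096
192.0.2.44 - - [16/Jun/2010:10:09:30 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 208
"""


def probing_ips(log_text, threshold=2):
    """Return {ip: hits} for clients with at least `threshold` failed probe requests."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at their fields
        ip, uri, status = m.groups()
        # Count only client errors (4xx): a 200 means the URL really exists on
        # this server, so a legitimate phpMyAdmin user is never flagged.
        if not status.startswith("4"):
            continue
        if PROBE_RE.search(uri):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sorted(probing_ips(SAMPLE_LOG).items()):
        print(f"{ip} made {n} failed probe requests")
```

The returned addresses can be handed to whatever blocking mechanism is in use, for example `csf -d <ip>`; the threshold keeps a single mistyped URL from triggering a block.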