Answer information access_log scanning security

davidhan

• October 06, 2014 00:07

Hi. everybody. Yesterday looking at access_log file at /etc/httpd/logs I found a ip address (that I blocked after this) trying a lot of server folders for example cgi-bin/ cgi-sys/ nessus/ system/ etc, etc. Its a server scanning, Is there a way to prevent this kind of things with a firewall rule or software? Most of the commands were blocked by mod_Security and others directly gave 404 error cause they dont exist. Also at access log sometimes appears /~user/ folders, like they are accessing using servername and user to see things. Do you recommend to disable ~ access ? Cause sometimes users use this when domains are not correctly propagated. All of this seems that is done using port 80 scanning. But I would like to know a method to block lammers from scanning servers and prevent bandwidth consumption. Thanks!

• 

  cPanelMichael

  • October 06, 2014 19:27

  Hello :) You can't really prevent anyone from trying to find exploits on your system, but you can implement tools such as Mod_Security and CSF to help block the attempts. You may also find the "Security Advisor" helpful for determining which settings to enable/disable: "WHM Home " Security Center " Security Advisor" Thank you.

  0

Please sign in to leave a comment.