Support A2Billing :

provided by Star2Billing S.L.

Support A2Billing :
It is currently Thu Mar 28, 2024 10:39 pm
VoIP Billing solution


All times are UTC




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: a2b web interface under scanning
PostPosted: Mon Mar 19, 2012 5:36 pm 
Offline
User avatar

Joined: Fri Sep 18, 2009 5:46 pm
Posts: 132
Location: hhhhmmmmm
hi guys,
can some one point me to right direction. my web interface (a2b) server is under constant scanning and this scanning is costing me in bandwidth.
file attached is part of my apache log file, attacker is trying to find phpadmin which i dont have on web server. i just want to know is there a way to block these ip address or block any ip address try to scan through.
Thanks


Attachments:
File comment: apache log file
scanner list.txt [43.21 KiB]
Downloaded 875 times
Top
 Profile  
 
 Post subject: Re: a2b web interface under scanning
PostPosted: Tue Mar 20, 2012 12:42 pm 
Offline
User avatar

Joined: Fri Sep 18, 2009 5:46 pm
Posts: 132
Location: hhhhmmmmm
i think i can answer my own question

edit jail.conf file and add following:

[apache-myadmin]
enabled = true
filter = apache-myadmin
port = http,https
logpath = /var/log/apache2/error.log
action = iptables-multiport[name=apache-myadmin, port="http,https", protocol=tcp]
maxretry = 2
bantime = 84600

Save your file.

Now go into the filter.d directory and we're going to create the new filter

Open apache-myadmin.conf in your favorite editor.

Paste this in

[Definition]
failregex = ^[[]client <HOST>[]] File does not exist: *myadmin* *\s*$
^[[]client <HOST>[]] File does not exist: *MyAdmin* *\s*$
^[[]client <HOST>[]] File does not exist: *mysqlmanager* *\s*$
^[[]client <HOST>[]] File does not exist: *setup.php* *\s*$
^[[]client <HOST>[]] File does not exist: *mysql* *\s*$
^[[]client <HOST>[]] File does not exist: *phpmanager* *\s*$
^[[]client <HOST>[]] File does not exist: *phpadmin* *\s*$
^[[]client <HOST>[]] File does not exist: *sqlmanager* *\s*$
^[[]client <HOST>[]] File does not exist: *sqlweb* *\s*$
^[[]client <HOST>[]] File does not exist: *webdb* *\s*

ignoreregex =


source: http://www.fail2ban.org/wiki/index.php/ ... min_filter


Top
 Profile  
 
 Post subject: Re: a2b web interface under scanning
PostPosted: Wed Mar 21, 2012 8:45 am 
Offline

Joined: Fri Jun 23, 2006 3:56 pm
Posts: 4065
Hi

OSSEC, my preferred scanner looks for attacks like this by default, and includes intrusion detection.

Joe


Top
 Profile  
 
 Post subject: Re: a2b web interface under scanning
PostPosted: Wed Mar 21, 2012 5:03 pm 
Offline
User avatar

Joined: Fri Sep 18, 2009 5:46 pm
Posts: 132
Location: hhhhmmmmm
Joe,
thanks for the idea,
jroper wrote:
Hi

OSSEC, my preferred scanner looks for attacks like this by default, and includes intrusion detection.

Joe


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 
VoIP Billing solution


All times are UTC


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group