Hello everybody,
Last night, my website was really slow and crash one time. Today On my logwatch mail i see this message : "A total of 300 sites probed the server" with a list of all 300 IP...
It's the second time in one month this appen to me. How can i protect my server against that ?
Thanks
Regards
A total of 300 sites probed the server...
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: A total of 300 sites probed the server...
Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.
[url=http://en.wikipedia.org/wiki/Fail2ban]Fail2ban[/url] is one tool to consider. You can also just use /etc/hosts.deny.
[url=http://en.wikipedia.org/wiki/Fail2ban]Fail2ban[/url] is one tool to consider. You can also just use /etc/hosts.deny.
Re: A total of 300 sites probed the server...
Ok thank you very much ;)
I heard about fail2ban so i think i'm going to install it on my server.
But i have one question for my own knowledge what these 300 sites which "probe" my server really does ? They are just visiting my website or trying to log or what ?
Thanks
Regards
I heard about fail2ban so i think i'm going to install it on my server.
But i have one question for my own knowledge what these 300 sites which "probe" my server really does ? They are just visiting my website or trying to log or what ?
Thanks
Regards
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: A total of 300 sites probed the server...
Frankly I don't know, but the message certainly implies that they are probing for vulnerabilities. Checking logs might give you a better idea.
Re: A total of 300 sites probed the server...
Ok thanks,
I installed it succesfully but is it possible that fail2ban kill all session on my website ? because now when you are logged in and you change page the session is killed... you have to login again and this appear after installing fail2ban ...
Somebody have an idea of what happened ?
Thanks
I installed it succesfully but is it possible that fail2ban kill all session on my website ? because now when you are logged in and you change page the session is killed... you have to login again and this appear after installing fail2ban ...
Somebody have an idea of what happened ?
Thanks
A total of 300 sites probed the server...
[quote]Davideer wrote:
Last night, my website was really slow and crash one time. Today On my logwatch mail i see this message : "A total of 300 sites probed the server" with a list of all 300 IP... It's the second time in one month this appen to me. How can i protect my server against that ?[/quote]
Logwatch gives you an overview of what occurs. Any leads should be investigated. That means searching the logs for anomalies, knowing what you have running in your web stack and how it is configured. Only when you have an idea of what is happening or who is doing what -=then=- you should ask about mitigation.
Last night, my website was really slow and crash one time. Today On my logwatch mail i see this message : "A total of 300 sites probed the server" with a list of all 300 IP... It's the second time in one month this appen to me. How can i protect my server against that ?[/quote]
Logwatch gives you an overview of what occurs. Any leads should be investigated. That means searching the logs for anomalies, knowing what you have running in your web stack and how it is configured. Only when you have an idea of what is happening or who is doing what -=then=- you should ask about mitigation.