A total of 300 sites probed the server...

[Davideer]

Hello everybody,

Last night, my website was really slow and crash one time. Today On my logwatch mail i see this message : "A total of 300 sites probed the server" with a list of all 300 IP...

It's the second time in one month this appen to me. How can i protect my server against that ?

Thanks

Regards

[pschaff]

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

[url=http://en.wikipedia.org/wiki/Fail2ban]Fail2ban[/url] is one tool to consider. You can also just use /etc/hosts.deny.

[Davideer]

Ok thank you very much ;)

I heard about fail2ban so i think i'm going to install it on my server.
But i have one question for my own knowledge what these 300 sites which "probe" my server really does ? They are just visiting my website or trying to log or what ?

Thanks

Regards

[pschaff]

Frankly I don't know, but the message certainly implies that they are probing for vulnerabilities. Checking logs might give you a better idea.

[Davideer]

Ok thanks,

I installed it succesfully but is it possible that fail2ban kill all session on my website ? because now when you are logged in and you change page the session is killed... you have to login again and this appear after installing fail2ban ...

Somebody have an idea of what happened ?

Thanks

[unspawn]

[quote]Davideer wrote:
Last night, my website was really slow and crash one time. Today On my logwatch mail i see this message : "A total of 300 sites probed the server" with a list of all 300 IP... It's the second time in one month this appen to me. How can i protect my server against that ?[/quote]
Logwatch gives you an overview of what occurs. Any leads should be investigated. That means searching the logs for anomalies, knowing what you have running in your web stack and how it is configured. Only when you have an idea of what is happening or who is doing what -=then=- you should ask about mitigation.