From: Hans F. N. <Han...@hi...> - 2009-02-05 18:46:02
In the last months the bots looking for vulnerable web apps on my servers have increased in number and intensity. I guess you all have entries like these in your log files:

74.63.252.86 - - [02/Feb/2009:10:33:12 +0100] "GET /phpmyadmin/main.php HTTP/1.0" 404 357 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:12 +0100] "GET /phpMyAdmin/main.php HTTP/1.0" 404 357 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:13 +0100] "GET /PMA/main.php HTTP/1.0" 404 350 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:13 +0100] "GET /admin/main.php HTTP/1.0" 404 352 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:13 +0100] "GET /dbadmin/main.php HTTP/1.0" 404 354 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:14 +0100] "GET /mysql/main.php HTTP/1.0" 404 352 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:14 +0100] "GET /myadmin/main.php HTTP/1.0" 404 354 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:14 +0100] "GET /phpmyadmin2/main.php HTTP/1.0" 404 358 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:15 +0100] "GET /phpMyAdmin2/main.php HTTP/1.0" 404 358 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:15 +0100] "GET /phpMyAdmin-2/main.php HTTP/1.0" 404 359 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:15 +0100] "GET /php-my-admin/main.php HTTP/1.0" 404 359 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:16 +0100] "GET /phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 363 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:16 +0100] "GET /phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 363 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:16 +0100] "GET /phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 363 "-" "-"
74.63.252.86 - - [02/Feb/2009:10:33:17 +0100] "GET /phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 363 "-" "-"

I wonder if someone has already tried to use SSHguard to block this annoying traffic (in addition to brute force SSH attacks)? Or could someone give me a hint about how to get started on setting this up (without breaking the existing SSH blocking)?

Regards,
Hans
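The scan pattern in the message above (one client, many distinct missing paths, a few seconds) can be picked out of an Apache access log with a per-client sliding window. The following is an added example, not part of the original post and not SSHguard's own code; the function name, the threshold of 5 and the 10-second window are assumptions, and the sample lines are constructed with documentation addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_scanners(lines, threshold=5, window_seconds=10):
    """Return {ip: time the threshold was first crossed} for clients that
    request `threshold` distinct missing paths (404) within the window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> deque of (time, path) for 404s
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue              # unparsable lines and non-404s are ignored
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append((ts, m["path"]))
        while hits and ts - hits[0][0] > window:
            hits.popleft()        # drop 404s that fell out of the window
        # Count distinct paths: one broken link hit repeatedly is not a scan.
        if len({p for _, p in hits}) >= threshold:
            flagged.setdefault(m["ip"], ts)
    return flagged

# Constructed sample: a prober, a normal visitor with a missing favicon, junk.
PROBES = ["/phpmyadmin", "/phpMyAdmin", "/PMA", "/admin", "/dbadmin", "/mysql"]
SAMPLE = [
    f'203.0.113.7 - - [02/Feb/2009:10:33:{12 + i // 3:02d} +0100] '
    f'"GET {p}/main.php HTTP/1.0" 404 357 "-" "-"'
    for i, p in enumerate(PROBES)
]
SAMPLE += [
    '198.51.100.20 - - [02/Feb/2009:10:33:12 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
] + [
    f'198.51.100.20 - - [02/Feb/2009:10:33:{13 + i:02d} +0100] '
    f'"GET /favicon.ico HTTP/1.1" 404 350 "-" "Mozilla/5.0"'
    for i in range(6)
] + ["not a log line"]

if __name__ == "__main__":
    for ip, when in find_scanners(SAMPLE).items():
        print(f"{ip} crossed the 404 threshold at {when.isoformat()}")
```

Counting distinct paths rather than raw 404s keeps a visitor who repeatedly hits one broken link from being blocked alongside the scanners.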