[Chugalug] Website scanners (was d at mn scammers/hackers)

David White dwrudy at gmail.com
Thu Oct 18 10:40:37 UTC 2012


I use CSF (CLI version, as I refuse to touch cPanel) and also love it. Some
may call this a bit paranoid, but I even ban IP addresses (temporarily) on
a certain port scan threshold.

It also alerts me when system file hashes have changed.

It doesn't do anything for the actual websites though.

Sent from my iPhone

On Oct 18, 2012, at 12:38 AM, Lynn Dixon <boodaddy at gmail.com> wrote:

Somehow I didn't get the original thread but I got this fork.
I have noticed a huge increase in brute force attempts on my co-located
server.  They have been hitting SSH and Exim.  I am running CSF / LFD on
recommendation from Randy and love it, but the attackers appear to be
hitting from a huge range of IPs and only a few hits at a time, and then
they move to a different IP and attack again.

I have not been hacked, but I don't like all this "negative" brute force
traffic.

On Wed, Oct 17, 2012 at 11:45 PM, Dave Brockman <dave at brockmans.com> wrote:

> On 10/17/2012 11:15 PM, David White wrote:
> > To fork the thread, anyone know of any services you can use, and/or
> > scripts you can run to check the public facing code of sites
> > and ensure there's nothing malicious?
> >
> > On the internal side of things, I wonder if it would just make
> > sense to periodically run an MD5 checksum via cron on each web
> > directory in the server(s) and compare that with the good hash
> > (stored externally, off the server, of course).
>
>
> tripwire?
>
> ossec?
>
> Regards,
>
> dtb
>
>
> --
> "Some things in life can never be fully appreciated nor
> understood unless experienced firsthand. Some things in
> networking can never be fully understood by someone who neither
> builds commercial networking equipment nor runs an operational
> network."  RFC 1925
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>
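The cron-driven checksum comparison proposed in the quoted message, as an added example that is not part of the original thread: it hashes every file under a web root and reports files added, changed or removed relative to a known-good manifest. It uses SHA-256 instead of the MD5 named in the thread; the function names and the `integrity.sh` script name are hypothetical, and the baseline manifest is assumed to be kept off the server as the message suggests.

```shell
#!/bin/sh
# Added example: integrity baseline and check for a web root.
# Assumes GNU sha256sum and file names without newlines or backslashes.

# Print "hash  ./relative/path" for every regular file under directory $1.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare baseline manifest $1 with current manifest $2.
# Prints ADDED/CHANGED/REMOVED lines and returns 1 if anything differs.
compare_manifests() {
    report=$(awk '
        # First file: remember the known-good hash for each path.
        FILENAME == ARGV[1] { base[substr($0, 67)] = substr($0, 1, 64); next }
        {
            path = substr($0, 67); hash = substr($0, 1, 64)
            if (!(path in base))         print "ADDED   " path
            else if (base[path] != hash) print "CHANGED " path
            delete base[path]
        }
        END { for (p in base) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Hash directory $1 now and compare against baseline file $2.
# The baseline must come from storage the web server cannot write to.
check_webroot() {
    current=$(mktemp) || return 2
    make_manifest "$1" > "$current"
    status=0
    compare_manifests "$2" "$current" || status=$?
    rm -f "$current"
    return "$status"
}

# Usage: integrity.sh baseline DIR > manifest
#        integrity.sh check DIR manifest   (prints only when something differs)
case "${1:-}" in
    baseline) make_manifest "$2" ;;
    check)    check_webroot "$2" "$3" ;;
esac
```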
