Anyways, I’ve read a lot of posts regarding these types of attacks and other than keeping my server up to date, there isn’t much I can do. One suggestion I read was to block certain countries from accessing my server, which seems ok I guess.
I have looked all over Webmin and Virtualmin for the screen where I can block IPs or ranges of IPs - I can’t find it. I would appreciate it if someone could point me to the right module so I can block some of these attacks. Or how to write an IP block config file and where to put it.
Much thanks.
BTW, I could not be happier with Virtualmin and Webmin. Great software.
Best,
-john
There are indeed bots scouring the Internet, looking for security holes.
In my opinion, if there are security vulnerabilities in the apps running on your server – blocking IPs isn’t really going to help… at best, it may prolong how long it takes those bots to find the holes on your server.
To really keep the bad guys out, you need to keep on top of the apps running on your server, and make sure your users keep their web apps up to date.
One proactive step to take would be to use Apache’s mod_security module, which uses various rules to identify attacks against your server in real-time, and will block the request. You can read about mod_security here:
That said, if you want to block IPs, you can do so by going into Webmin -> Networking -> Linux Firewall. From there, you can create a new chain, and then start adding rules to that chain.
However, I personally wouldn’t be too concerned about the log entries you saw in your Apache logs. Mine are filled with those! All those mean is that a bot stopped by your server, looked for vulnerabilities, and if you’re using an up-to-date version of phpMyAdmin – chances are it found none, and moved on.
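
The dedicated-chain approach from the reply above, sketched as an added example that is not part of the original thread: it validates a list of addresses and ranges, merges overlapping entries, and prints the iptables commands for a separate chain instead of running them. The chain name `BLOCKLIST` and the sample addresses are assumptions made for illustration.

```python
import ipaddress

CHAIN = "BLOCKLIST"  # hypothetical chain name, not from the thread

# Constructed sample input (documentation address ranges only).
SAMPLE = """
# one address or CIDR range per line
203.0.113.7
203.0.113.0/25
203.0.113.128/25
198.51.100.14/24
2001:db8::/32
not-an-ip
"""

def parse_blocklist(text):
    """Return (networks, rejected); networks are validated and collapsed."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False accepts host bits (198.51.100.14/24 -> .0/24)
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    collapsed = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        collapsed.extend(ipaddress.collapse_addresses(same))
    return collapsed, rejected

def firewall_commands(networks, chain=CHAIN):
    """Build re-runnable iptables/ip6tables commands for a dedicated chain."""
    cmds = []
    for version, tool in ((4, "iptables"), (6, "ip6tables")):
        same = [n for n in networks if n.version == version]
        if not same:
            continue
        # Create the chain, or empty it if it already exists.
        cmds.append(f"{tool} -N {chain} 2>/dev/null || {tool} -F {chain}")
        cmds += [f"{tool} -A {chain} -s {n} -j DROP" for n in same]
        # Add the jump from INPUT only if it is not already present.
        cmds.append(f"{tool} -C INPUT -j {chain} 2>/dev/null || {tool} -I INPUT 1 -j {chain}")
    return cmds

if __name__ == "__main__":
    nets, bad = parse_blocklist(SAMPLE)
    print("\n".join(firewall_commands(nets)))
    for entry in bad:
        print(f"# skipped invalid entry: {entry}")
```

Keeping the drops in their own chain means the whole list can be flushed and rebuilt without touching the other INPUT rules.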