Stop the Hackers?

Discussion in 'Server Operation' started by ocweb, Jul 4, 2007.

  1. ocweb

    ocweb New Member

    After looking at my server error logs, I thought I'd see if anyone has some ideas.

    I have had 5 or so different IP addresses attempt to hit common URLs on my server, such as http://..../awstats and /admin etc.

    From what I can see, all the attempts have had the appropriate ISPConfig error page shown to them.

    My question is: is there a script/plugin that can block repeated requests such as this from an IP address (i.e. ban the IP)? e107 can do this on the website side of things, but is there an ISPConfig equivalent?
     
  2. falko

    falko Super Moderator Howtoforge Staff

  3. AlArenal

    AlArenal New Member

    I'd combine mod_security with fail2ban...
     
  4. ocweb

    ocweb New Member

    Thanks for the advice...I'll look into those options.

    Is it worthwhile sending an email to the abuse@ address? I am not sure of the protocol, or even if that is worthwhile.

    Here is an extract from /etc/httpd/logs/error_log for a better understanding of the problem:

    [Sat Jun 30 13:41:51 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde
    [Sat Jun 30 13:41:51 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde0
    [Sat Jun 30 13:41:52 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde1
    [Sat Jun 30 13:41:52 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde2
    [Sat Jun 30 13:41:52 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde3
    [Sat Jun 30 13:48:42 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/thisdoesnotexistahaha.php

    Thanks..
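
The threshold rule that a log-watching tool such as fail2ban applies to an extract like this one, sketched in Python as an added example that is not part of the thread: count "File does not exist" errors per client and flag an address once it reaches `max_retry` hits within `find_time`. The function name, the thresholds and the 192.0.2.10 line are assumptions made for illustration; the other log lines are the extract posted above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the Apache error_log "File does not exist" lines shown in the post.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"File does not exist: (?P<path>.+)$"
)

def find_offenders(lines, max_retry=5, find_time=timedelta(minutes=10)):
    """Return {ip: timestamp at which the ip first reached max_retry
    matching errors inside a sliding window of length find_time}."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # other error types are ignored
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # drop hits that fell out of the window
        if len(window) >= max_retry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

# The extract from the post, plus one constructed line (192.0.2.10 is a
# documentation address) for a visitor who requested a single missing file.
SAMPLE = """\
[Sat Jun 30 13:41:51 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde
[Sat Jun 30 13:41:51 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde0
[Sat Jun 30 13:41:52 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde1
[Sat Jun 30 13:41:52 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde2
[Sat Jun 30 13:41:52 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/horde3
[Sat Jun 30 13:45:10 2007] [error] [client 192.0.2.10] File does not exist: /var/www/sharedip/favicon.ico
[Sat Jun 30 13:48:42 2007] [error] [client 204.201.36.200] File does not exist: /var/www/sharedip/thisdoesnotexistahaha.php
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} reached the threshold at {when}; candidate for a firewall ban")
```

The single request from 192.0.2.10 stays below the threshold, which is why a per-address count inside a time window is used rather than banning on any one 404.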
     
  5. AlArenal

    AlArenal New Member

    Most of the time you won't get feedback when reporting to the abuse address. Often you get an automatic reply; seldom do you get personal feedback.

    If it has any effect at all? I don't know, but every compromised machine less is a good machine, so I just keep on sending mail.

    Basically, I just forward the fail2ban mail and add some standard text to it.
     
  6. ocweb

    ocweb New Member

    Thanks again for the reply...I'll get my head around the ban script and do as you say with the emails.

    It would be nice to make a reverse hack but then we would be the same as them!!!!!

    Thanks all for your help.
     
