Security :: Use .htaccess To Redirect Chinese Hacking Attempts?
Aug 9, 2010
My server (CentOS 5.4) is being bombarded 24x7 with IP addresses from China trying to exploit phpMyAdmin. For every one I block on the firewall, half a dozen come to the funeral! It's a pity these morons don't have something better to occupy their time. I'm getting page after page of this (see below) every day and it's been going on for weeks. I don't even have phpMyAdmin on the server. I don't use it and I deleted it.
I've read that you can use .htaccess and / or mod_rewrite to redirect / block them based on any query for phpMyAdmin (they try all letters in upper and lower case, leading to page after page). Unfortunately, I have no idea of how to do this. I already have an .htaccess file. Maybe someone can suggest what to add to stop these pests from wasting my bandwidth and suggest somewhere I could redirect them to to cause them maximum problems. I don't want to block the entire country, seems a bit like overkill, not all Chinese are morons. We aren't even in the USA, so why they are doing this is beyond me.
A TINY sample!
[Sun Aug 08 13:29:08 2010] [error] [client 61.191.41.53] File does not exist: /var/www/corp/phpMyAdmin-2.7.2
[code]...
View 6 Replies
Jul 22, 2010
After reading this pdf on top 5 things to log for security, I've decided to attempt this for my webserver. How might I set up some logging systems to do these tasks? Basic things I need to be able to do: Record things like password attempts on htaccess files, from what IP address, and how many attempts there were. Any useful links anyone can think of to get me started? I'm a student programmer at university, so any programming I should be able to cope fine.
View 2 Replies
Apr 16, 2010
I would like to set up .htaccess to redirect every request to one website, regardless of folder/filename combination, to another URL. For example [URL]
View 1 Replies
Jul 23, 2009
I want to give a 404 error when the index.html file is requested. I already know how to do this in PHP, but I can't seem to locate any information about how to do it in htaccess. I thought about just redirecting index.html to a page that does not exist, but I would like to do it correctly from the start.
View 2 Replies
Aug 4, 2010
I would like to make a URL redirect in the .htaccess. I wonder where to find it and how to use it.
View 1 Replies
Jul 7, 2010
Say I have a URL to view files, e.g.
[URL]
How do I set up an Apache htaccess redirect so I can use a static URL like:
[URL]
View 3 Replies
Aug 10, 2010
How can I redirect my URL after a site move? I have phpBB forum software installed on a 10.04 server, and I recently moved the forums from mysite.com/forums/ to mysite.com/.
So, a thread that looked like
mysite.com/forums/viewtopic=...
now looks like
[code]...
View 2 Replies
Feb 2, 2011
I need to redirect through a .htaccess file in my root folder. The redirect needs to be done from http://www.department.univeristy.edu/reuir to a different server [url]. I am having trouble in determining the pattern that is required for it to take effect.
View 2 Replies
Apr 7, 2009
I have recently merged two Joomla 1.0 sites I ran into one. I imported the articles I wanted to keep to the new site, and I have the old site's domain pointing as an alias at the new site. The new site is www.theouthousers.com . The old site was www.bludblood.com .
I also have the core SEF URLs on, using the htaccess.txt file that came with Joomla.
I have one writer for the old site who linked to his articles in various places, so I am trying to set up redirects for him so that he doesn't have to change all of his links.
For instance, I need something like:
http://www.bludblood.com/joomla/inde...d=25&Itemid=51
To redirect to the equivalent location on the new site:
[url]
And I also need specific links like:
[url]
To redirect to their new counterparts:
[url]
Keeping in mind that www.bludblood.com is now an alias of www.theouthousers.com, is there any way to do this? I have been trying with rewrite rules and redirects, and cannot seem to achieve the desired effect.
Tried various versions of:
Code:
Redirect [url] [url]
With the http, without, as regexps, as 301s, as permanents, etc, and it just will not work. Also tried as RewriteRule.
View 2 Replies
Feb 15, 2011
Currently using Ubuntu 9.10! I am eager to know where the hacking begins in Linux? The stuff like netstat, telnet, or mail-forging or even pinging... how do we do that in Linux?
View 3 Replies
Jan 4, 2010
I think it is very easy to hack passwords in Linux, but I did not try it yet. If you use sudo you get 3 attempts for the correct password. But if you get enough time it should be no problem to hack it by brute force. Imagine a script an attacker places on your machine which runs for a few hours or days. I think it is much more effective to delete the user out of the admin (or adm?) group so that user cannot be any danger anymore. You would have to log in with root and re-add the user then.
You now say: but if you log in with root you get almost the same effect as with sudo. Of course it is the same. That is why I would use a system (not sure which yet) to create sub-environments of your OS, which have the attribute that they can run without root, have only one account that can sudo, and once sudo access is denied there is no other way to log in as root. You can only re-permit sudo access from the parent OS layer.
View 9 Replies
Dec 14, 2010
After a week this 200-line C code is still working. It seems Ubuntu forgot it; what happened?
http://marc.info/?l=full-disclosure&...5358621826&w=2
*solved: I built a new kernel (2.6.32.27)
View 5 Replies
Apr 10, 2009
I went away from home for a few days, ... Now I am back at home and noticed that my server is going out with 100% available bandwidth. The server is mainly Http / Ftp / Mail server, so I stopped all services to see which one it is. Services stopped, still 100Mbps go out like ants in the flood.
I updated the system, made a backup, installed IPtraf. It seems that I have something 'installed' and my server is running something to attack User computers. It seems to try to find something on random IP's random ports. I am a little bit confused now. As long as my sites are running, I'm ~OK~ but sooner or later I would like to have my bandwidth back. How could I try to hunt down which service/app/process got hacked?
It seems that the monetary system of our society has now got more enemies than friends. Capitalism seems to reach its end. But my server is serving also ART! Sooner or later we will need to pay copyright even for our thoughts. I was reading today that the French president wants to punish file sharing as his wife made 3 albums, and wants to get some money ..
View 12 Replies
Sep 4, 2010
Well, I was randomly taking a look at my vsftpd log today, and came across something unusual to myself. About a week ago a computer tried to connect to my computer repeatedly with bogus default usernames. There were many attempted connections with usernames such as 'user', 'root', 'linux', and 'login'. Probably about 1000 attempts, within about 2 seconds of each other.
View 9 Replies
Jan 21, 2011
I hope this is an appropriate place to post this - if not, so sorry & just let me know where I should start the chat: I run a dual booted (Win Vista & Ubuntu Studio Lucid) Dell Inspiron Laptop (2.2 ghz core2duo, 4 gb ram, 256 mb vc, 500 gb hdd).
At random times when I boot into Ubuntu (right away after grub), I get a black screen with one line of dark red Chinese characters at the top of the screen and then it just freezes there. Have any of you ever heard of this, and if so, could you enlighten this nOOb? All I do to fix it is reboot, and often this will fix the issue. Is it possible that my system has been compromised through installing stuff from medi/univ/multi?
View 8 Replies
Jan 30, 2011
I can't seem to get htaccess to work. I've created a .htpasswd file like so:
Code:
htpasswd -c -m .htpasswd user
Then it prompts me for a password for that user. I put the password file one dir above my
[code]....
View 6 Replies
Apr 28, 2009
I know this is probably easy and if I only took a while to figure it out maybe I could but I have some stuff that needs to happen soon and I can't figure this out. I was wondering how I could have a log monitor that would email me whenever someone tries to login over ssh to my system. I'm open to everything daemons/scripts or cron itl works as I am not running a production server (but I might be starting that soon). Oh and just a side how do I get sent an email when I get port scanned
View 6 Replies
Nov 15, 2009
I have a server box behind my ISP router at home, and I need to allow ssh access to my server. My ISP router doesn't let me allow selectively ssh from some IP. It allows ssh to everyone.
I have fedora10 and openssh-server-5.1p1-3. How can I configure openssh to allow just from 1 IP?
Does it use xinetd at all and the hosts.allow and .deny mechanism?
View 14 Replies
Jun 29, 2010
How can I set up snort to only log and detect/capture logins using root or any of the "homeusers" login accounts or names?
View 9 Replies
Sep 30, 2010
I'm running the firestarter firewall and it's been showing the odd ssh attempt quite often, e.g. I've had 4 attempts today, 3 in the last 40 mins. I realize that this may be nothing too serious but it's got me curious: aside from having a secure password (which I have), is there anything else that I can do to ensure that my system is as secure as possible from ssh? I do use ssh within my home network so I don't want to disable it completely.
View 9 Replies
Oct 23, 2010
I have an SSH server on my laptop, and I'm using the default configuration file, but I added "AllowUsers <myUserName>". I get lots of login attempts like the ones below in my /var/log/auth.log. From Google, I find that pam_winbind allows some kind of Windows authentication. This leaves me with 2 questions. What does winbind do when I have not configured any Windows/Samba accounts? How can I turn it off?
Code:
Oct 23 20:01:49 muon sshd[24329]: User root from 201.116.17.163 not allowed because not listed in AllowUsers
[code]...
View 9 Replies
Nov 18, 2010
I run SSH on a publicly open server and see the following attempts in /var/log/auth.log, which I was told by someone could be port scanning attempts. (Not sure though)
Code:
Nov 18 23:50:19 server sshd[21716]: Did not receive identification string from 186.0.80.197
Nov 19 00:05:57 server sshd[24056]: Did not receive identification string from 85.108.110.66
How can I block above such attempts?
View 11 Replies
May 20, 2010
How does one unlock an account when it is locked by too many failed attempts for login?
View 1 Replies
Mar 22, 2011
I am running an Ubuntu server 10.10 with SSH and OpenVPN. I use it mainly for the VPN, but I have seen login attempts such as:
Mar 22 14:52:53 UbuntuSvr sshd[2397]: Invalid user support from 85.217.190.69
Mar 22 14:52:55 UbuntuSvr sshd[2399]: Invalid user student from 85.217.190.69
Mar 22 14:52:57 UbuntuSvr sshd[2401]: Invalid user transfer from 85.217.190.69
Mar 22 14:52:59 UbuntuSvr sshd[2403]: Invalid user user from 85.217.190.69
[Code]...
Is it possible to make it so when someone has tried logging in 5 times with an invalid user/pass that the IP is banned for 10 minutes? I have password auth set to no and am using keys.
View 7 Replies
May 25, 2010
I'm trying to lock an account after a number of failed login attempts in a RHEL5.
This is the relevant configuration in /etc/pam.d/system-auth
In the logs I can see how the count of failed logins increase and exceeds my deny option but the account isn't locked
Do I need any other option in the PAM file? Is there any other way to lock an account?
View 5 Replies
Apr 1, 2011
I want to count the failed root login attempts so that I can do an action when the user fails to log in as root three consecutive times (like log a line in syslog).
View 4 Replies
Jan 15, 2011
I'd like to limit login attempts for a specific user. I've found information in manpages: [URL] but I'm not sure if this '@' is purposely there, so would that be correct?
Code:
aparaho - maxlogins 4
or
Code:
@aparaho - maxlogins 4
Maybe '@' is a group syntax? I'm confused.
What happens after 4 failed logins? Is it enough to restart the system to get more login attempts?
Are there any other values that it is reasonable to limit for safety reasons?
View 4 Replies
Feb 16, 2011
I am trying to get OpenLDAP to authenticate user logins, but running around in circles. Are there any logs produced by either client and/or server that would indicate possible reasons why it was unable to login as a user? Below is an explanation, any ideas would be appreciated, as I think everything is setup as per the various articles on using LDAP.
I have a CentOS 5.5 OpenLDAP server, and several others, some host services, some are file shares (samba). So far I have been able to successfully configure OpenLDAP to carry out all the ldap* commands from both the local server and from any of the remote servers, either via non-ssl or ssl connections. However, as soon as I try connecting any services up to it, it doesn't play ball. Back to basics, having cleared off all previous attempts at this from all machines, I have gone through the following:
Installed OpenLDAP server/client on host (plus nss_ldap).
Configured /etc/openldap/slapd.conf (see below)
Configured /etc/openldap/ldap.conf (see below)
[code]...
View 2 Replies
Jul 22, 2010
Currently I'm fiddling around with mod_security for apache2 configurations on CentOS boxes, right now in a test environment first (i.e. separate non production box). CentOS includes the mod_security "Core Rule Set" by Breach Security Inc, the devs behind that module. So far all's running mostly, logs/auditlogs etc. For simple testing, I made a small php form as following:
Code:
<?php
$link = mysql_connect("localhost",$user,$pass); //un/pw obfuscated for forum post
[code]...
View 1 Replies
Jan 26, 2010
I have a folder on my server I want to protect with HTTP authentication, but I have a problem. I created a password: htpasswd -c .htpasswd razzera
Then I created a .htaccess file in the folder and added
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /.htpasswd
Require user razzera
But when I go to the folder it won't request any login details. Why?
View 6 Replies