05-08-2011, 05:46 PM
Jason

Am I being too paranoid?

Hi All,

I want to know thoughts on whether I am being too paranoid/security conscious.

CentOS 5.6, Apache, MySQL, running a firewall in front of everything and obviously the built-in firewall on the box. I have ssh on a different port and am starting to use keys instead of password authentication. I host an intensive website and I am getting about 150 unique visitors per day.

What I am seeing is LogWatch reporting a lot of 404's like:

404 Not Found
//PHPMA/: 1 Time(s)
//admin/myadmin/: 1 Time(s)
//admin/phpmyadmin/: 1 Time(s)
//adming/: 1 Time(s)
//ascils/phpmyadmin/: 1 Time(s)
//blog/wp-content/plugins/phpmyadmin/: 1 Time(s)
//database/: 2 Time(s)
//db/: 1 Time(s)
//dba/: 1 Time(s)
//dbadmin/: 2 Time(s)
//html/phpMyAdmin/: 1 Time(s)
//html/phpmyadmin/: 1 Time(s)
//lamp/phpmyadmin/: 1 Time(s)
//myadmin/: 1 Time(s)
//mydatabase/: 1 Time(s)
//mydb/: 1 Time(s)
//myphp/: 1 Time(s)
//mysql-admin/: 1 Time(s)
//mysql/: 1 Time(s)
//mysqladmin/: 2 Time(s)
//mysqlmanager/: 1 Time(s)
//phpMyAdmin-2.8.0.2/: 1 Time(s)
//phpMyAdmin-2.8.1-rc1/: 1 Time(s)
//phpMyAdmin-2.8.1/: 1 Time(s)
//phpMyAdmin-2.8.2/: 1 Time(s)
//phpMyAdmin/: 1 Time(s)
//phpadm/: 2 Time(s)
//phpma/: 1 Time(s)
//phpmanager/: 1 Time(s)
//phpmy/: 2 Time(s)
//phpmyadmin/: 1 Time(s)
//pma/: 1 Time(s)
//pmaadmin/: 1 Time(s)
//pmadmin/: 1 Time(s)
//sql/: 1 Time(s)
//sqladmin/: 2 Time(s)
//sqldatabase/: 2 Time(s)
//sqlmanager/: 1 Time(s)
//sqlweb/: 1 Time(s)
//typo3/phpmyadmin/: 1 Time(s)
//webadmin/: 1 Time(s)
//webdb/: 1 Time(s)
//websql/: 1 Time(s)
//wp-content/plugins/phpMyAdmin/: 1 Time(s)
//wp-content/plugins/wp-phpmyadmin/: 1 Time(s)
//xampp/phpmyadmin/: 1 Time(s)

So I turned on Apache ReWrite and I created a file and I put in rules like: (just a small subset)

RewriteCond %{REQUEST_URI} ^/php(.*) [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpmy(.*) [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpma [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpmyadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpgadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/phppgadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpmyadmin(.*) [NC,OR]
RewriteCond %{REQUEST_URI} ^/php-my-admin [NC,OR]
RewriteCond %{REQUEST_URI} ^/php-myadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpmy-admin [NC,OR]
RewriteCond %{REQUEST_URI} ^/phpmanager [NC,OR]
RewriteCond %{REQUEST_URI} ^/player(.*) [NC,OR]
RewriteCond %{REQUEST_URI} ^/plugins [NC,OR]
RewriteCond %{REQUEST_URI} ^/pma [NC,OR]
RewriteCond %{REQUEST_URI} ^/p/m/a [NC,OR]
RewriteCond %{REQUEST_URI} ^/pmadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/pmaadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/scripts [NC,OR]
RewriteCond %{REQUEST_URI} ^/sd(.*) [NC,OR]
RewriteCond %{REQUEST_URI} ^/sql [NC,OR]
RewriteCond %{REQUEST_URI} ^/sqladmin [NC,OR]

and if one of these is hit I use a Rule of:

RewriteRule .* http://%{REMOTE_ADDR}%{REQUEST_URI} [L,R=301,QSA]

Every day I look at the LogWatch e-mail, and I add one that people are trying to hit and restart Apache.

This yields a few questions.

1. Am I being too paranoid by doing this? My logic is they don't belong here and I could get mad if someone walked up to my apartment and tried jiggling the door handle to see if it was unlocked.

2. I know I can simplify these rules. Wouldn't RewriteCond %{REQUEST_URI} ^/php(.*) [NC,OR] get most of the attempts for things like /php, /php-myadmin, /phpmyadmin-2.0.8.8, etc.?

3. Is there a better way to write these rules?

4. Why does LogWatch show this to me as a 404, when a rewrite rule is hit and they are redirected back to themselves? My rules seem to be working; if I try and hit /scripts right now, it does what I expect.

Can anyone shed some light for me on my thoughts/questions?

--
Jason


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
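
Added example, not part of Jason's post: a coverage check that runs a subset of the posted RewriteCond patterns against a subset of the logged 404 paths, to show which probes an anchored `^/...` pattern can match and which posted patterns do any work. Assumptions: Python's `re` stands in for Apache's regex engine (equivalent for these simple patterns), whether the server merges the leading `//` before matching is not known from the post so both cases are checked, and the function names are hypothetical.

```python
import re

# Constructed sample: ten of the 404 paths from the LogWatch report above.
PROBED = [
    "//phpmyadmin/", "//phpMyAdmin-2.8.1/", "//pma/", "//sqladmin/",
    "//admin/phpmyadmin/", "//wp-content/plugins/phpMyAdmin/",
    "//typo3/phpmyadmin/", "//mysql/", "//dbadmin/", "//webdb/",
]

# Ten of the RewriteCond patterns from the post, in the posted order.
POSTED = [
    r"^/php(.*)", r"^/phpmy(.*)", r"^/phpmyadmin", r"^/plugins", r"^/pma",
    r"^/pmadmin", r"^/pmaadmin", r"^/scripts", r"^/sql", r"^/sqladmin",
]


def normalise(path, collapse):
    """Assumption: the server may or may not merge repeated slashes before matching."""
    return re.sub(r"/{2,}", "/", path) if collapse else path


def coverage(paths, patterns, collapse=True):
    """Return (matched, missed) for an [NC,OR] chain of RewriteCond patterns."""
    rules = [re.compile(p, re.IGNORECASE) for p in patterns]  # [NC]
    matched, missed = [], []
    for raw in paths:
        uri = normalise(raw, collapse)
        hit = any(r.search(uri) for r in rules)  # [OR]: any one condition is enough
        (matched if hit else missed).append(raw)
    return matched, missed


def minimal_rules(paths, patterns, collapse=True):
    """Greedy pass: keep a pattern only if it matches a path no earlier kept pattern did."""
    kept, covered = [], set()
    for p in patterns:
        rx = re.compile(p, re.IGNORECASE)
        new = {x for x in paths if rx.search(normalise(x, collapse))} - covered
        if new:
            kept.append(p)
            covered |= new
    return kept


if __name__ == "__main__":
    for collapse in (True, False):
        hit, miss = coverage(PROBED, POSTED, collapse)
        print(f"collapse={collapse}: {len(hit)} matched, missed {miss}")
    print("rules doing work on this sample:", minimal_rules(PROBED, POSTED))
```

On this sample the anchored patterns catch only probes whose first path segment starts with the pattern text; nested paths such as `/admin/phpmyadmin/` fall through, and none match if the leading `//` reaches the regex unmerged.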
 
