The Chinese probe for known vulnerabilities in phpMyAdmin, so be sure to change the root directory name from the one suggested by the installation.
Todd Merriman Software Toolz, Inc.
Everybody is probing everything. :)
Moving the directory name might break software updates (if installed via yum)!
EPEL phpMyAdmin comes with a config file in /etc/httpd/conf.d; you can allow/deny stuff there. Also, enabling HTTP auth in phpMyAdmin might help too, if you use strong passwords.
Or set Apache ACLs in the vhost config. Or set iptables firewall rules.
Excluding Asia won’t work for everyone or for global companies, but it works fine for others.
Yup. Just “Asia” is silly – I see them all the time, and it’s not just China and Korea, but those real nasties in Brazil, and the Netherlands, and Russia, and some Germans, and occasionally the Brits… and, of course, let’s not forget all those nasty evil scum trying to break in… from the US.
Agreed — the abuse is not just from one continent or country.
But at the same time it’s not prudent to allow anyone access to a service (host/port/page/whatever) when they have no need to.
Perfect example being people who let SSH open to the world on production boxes and do little to nothing to protect it.
How do you handle the ACL when multiple users need the SSH access?
Use case scenario: I have set up CentOS-based LAMP servers (as an admin) and pay extra for static IPs to assure my clients that I access their servers from specific IPs only. However, the web developers who keep making changes (per client request) need sftp access to the boxen; their respective ISPs provide only dynamic IPs (or charge extra, which the freelancer will not pay for).
At the moment, I have had to leave it open with fail2ban monitoring the SSH port.
On 18.04.2013 08:44, Arun Khan wrote:
ACLs won’t cut it in that scenario, but limiting SSH to public key authentication (i.e. disabling password authentication) and disabling direct root login should be sufficiently secure.
Agreed but explaining the concept to WAMP web application developers ….
This is the first thing I do after installation is complete :)
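The two sshd_config settings recommended above are easy to get wrong in a subtle way: sshd uses the first value it finds for a keyword, so a `PasswordAuthentication no` appended at the bottom of the file is silently ignored if an earlier line already says `yes`. The following check is an added example written for this page (it is not from any poster in the thread); the chain of functions, the sample config contents and the temporary file names are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: verify that an sshd_config really has
# password logins and direct root login disabled. sshd takes the FIRST value
# it sees for a keyword in the global section, and anything after a "Match"
# line applies only to that Match block, so this mimics that lookup order.

# Print the effective global value of a keyword, or nothing if it is unset
# (sshd then applies its compiled-in default, which on CentOS 6 is "yes" for
# both PasswordAuthentication and PermitRootLogin).
sshd_effective_value() {
    # $1 = path to sshd_config, $2 = keyword (matched case-insensitively)
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$key" '
        /^[[:space:]]*#/ { next }                     # skip comment lines
        tolower($1) == "match" { exit }               # global section ends here
        NF >= 2 && tolower($1) == key { print $2; exit }  # first match wins
    ' "$1"
}

# Return 0 only when both directives are explicitly "no"; defaults are not
# trusted, because an unset keyword means "yes" on the systems discussed here.
sshd_is_hardened() {
    pw=$(sshd_effective_value "$1" PasswordAuthentication)
    root=$(sshd_effective_value "$1" PermitRootLogin)
    [ "$pw" = "no" ] && [ "$root" = "no" ]
}

# Write two constructed sample configs into directory $1 (hypothetical data).
write_samples() {
    # Hardened: each directive set once, before any Match block.
    cat > "$1/sshd_config.good" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
Subsystem sftp /usr/libexec/openssh/sftp-server
Match User backup
    PasswordAuthentication yes
EOF
    # Looks hardened at a glance, but the earlier "yes" lines are what sshd uses.
    cat > "$1/sshd_config.bad" <<'EOF'
PasswordAuthentication yes
PermitRootLogin yes
# appended later by an admin; ignored by sshd because of the lines above:
PasswordAuthentication no
PermitRootLogin no
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/sshd_config.good "$demo_dir"/sshd_config.bad; do
    if sshd_is_hardened "$f"; then echo "$f: hardened"; else echo "$f: NOT hardened"; fi
done
```

Run it against a real file with `sshd_is_hardened /etc/ssh/sshd_config && echo ok`; on a live host `sshd -T | grep -i -e passwordauthentication -e permitrootlogin` gives the daemon's own view of the effective values and is the authoritative check after any edit.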
You could create an iptables chain specifically for those needing SSH access. For a boatload of customers, though, this may not scale well.
On many of my systems, no one other than sysadmins needs SSH access. And on top of that, people who work remotely have VPN access.
Clearly, my situation is different than yours but maybe you can adapt something.
If fail2ban is working well then stick with it. I more often use fail2ban on vsftp and sasl auth logs since SSH is all but isolated from the outside world on _most_ boxes.
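The dedicated iptables chain suggested above keeps the SSH allow-list separate from the rest of INPUT, so it can be regenerated whenever a developer's address changes. The script below is an added example written for this page, not code from anyone in the thread: it turns a plain-text allow-list into an `iptables-restore` fragment instead of applying rules directly, so the result can be reviewed (and tested) without root. The chain name `SSH_ALLOW`, the allow-list file format and the sample addresses are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: emit an iptables ruleset with a dedicated
# chain (hypothetically named SSH_ALLOW) for new SSH connections. Listed sources
# are accepted, everything else is logged (rate-limited) and dropped, and the
# other INPUT rules are untouched. Output is iptables-restore format.

# Accept only a dotted-quad IPv4 address, optionally with /prefix, so a typo
# in the allow-list fails here rather than as a load error at 3 a.m.
valid_ipv4_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 4 && NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        NF == 5 && ($5 !~ /^[0-9]+$/ || $5 > 32) { exit 1 }
        { exit 0 }'
}

# $1 = allow-list file: one address or CIDR per line, "#" comments and blank
# lines ignored. Returns 1 (and prints nothing) if any entry is invalid, so a
# bad list never produces a half-built ruleset.
emit_ssh_rules() {
    list=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1")
    for src in $list; do
        valid_ipv4_cidr "$src" || { echo "invalid allow-list entry: $src" >&2; return 1; }
    done
    echo '*filter'
    echo ':SSH_ALLOW - [0:0]'
    # Only NEW SSH connections are diverted; established sessions keep flowing
    # even while the chain is being rebuilt.
    echo '-I INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_ALLOW'
    for src in $list; do
        echo "-A SSH_ALLOW -s $src -j ACCEPT"
    done
    # Log rejected attempts at a bounded rate so a scanner cannot fill the log.
    echo '-A SSH_ALLOW -m limit --limit 5/min -j LOG --log-prefix "ssh-denied: "'
    echo '-A SSH_ALLOW -j DROP'
    echo 'COMMIT'
}

# Constructed demo allow-list (documentation addresses, not real hosts).
demo_dir=$(mktemp -d)
printf '203.0.113.10    # admin office, static IP\n198.51.100.0/24 # developer VPN pool\n\n' \
    > "$demo_dir/ssh-allow.txt"
emit_ssh_rules "$demo_dir/ssh-allow.txt"
```

To apply the output on a host, pipe it through `iptables-restore -n` (the `-n` keeps existing chains), and flush `SSH_ALLOW` before regenerating it so stale entries do not accumulate. This does not solve the dynamic-IP developer case on its own; it only makes the allow-list cheap to update when combined with key-only authentication.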