LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   should i be paranoid about 108 hits in 5 hours? (https://www.linuxquestions.org/questions/linux-security-4/should-i-be-paranoid-about-108-hits-in-5-hours-32100/)

rioguia 10-07-2002 01:02 AM
should i be paranoid about 108 hits in 5 hours?
 
I want to know if I should be worried about being targeted for hacking. I've just installed an apache server and a firewall so I have no basis of comparison. I've recorded 108 individual hits on my apache web server in the past 5 hours pm [ports 1025, 1026, 8875, 3274]. I have a domain name but have not registered with any search engines. the hits are coming from taiwan, korea, china, germany, and france. i have an old box i'm running a smoothwall firewall which seems to be doing ok but I was wondering if this is an unusual number of hits.

neo77777 10-07-2002 01:26 AM
As you probably already know you can get everything from logs
access.log and error.log in apache log directory, if you'd see any reference to cmd.exe or any other stuff relating to MS they are most probably woms floating around net targeted to MS IIS servers, you can just ignore them or if the IP's are repetetive you can just block them, watch out for Slapper Worm if you are using SSL, and other *NIX+Apache worms still dwelling on the net, make sure you are running the latest stable apache webserver or you've applied all the security related patches for your current Apache webserver and you have latest openssl package installed if you're using Apache+mod_ssl. Happy linuxing!
P.S. Make sure if you are using any DB's that their versions are up2date with all security patches and configuration applied, also if you are using PHP make sure it is configured properly, and there is no config files sitting around wide-open for easy access, read up the Security Weekly updates posted by unSpawn every week for the latest info on the linux security front. I included no links due to high volume of them, but if you search here you'll find all the info you need to keep your penguin in a cool place, without sharks threatening his life.

trickykid 10-07-2002 01:34 AM
Ah don't worry about it. I like laughing at my ftp and ssh server log files I have. I've seen a few from Microsoft trying to login as root or something on my FTP server and ssh, many from Japan.. but that many hits, nothing to worry about really. Mine isn't even set up with a actual name, they have to type my IP address to get to mine.. :) I think I had about 30 to 50 hits about an hour or so after I had mine up with just ssh and ftp services running on it.

But its good to always be cautious though. Just keep good security in mind and you should be ok. Always keep updated and always look out for anything fishy, not for sure about something, take it off the network until you know for sure.


All times are GMT -5. The time now is 07:58 AM.