Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Should I be concerned if I get a lot of hits from different IPs to my webserver that seem to come from the same subnet as myself (i.e. the first half of the offender IP is the same as mine)? The server is just for my personal use, not enterprise and I don't have a registered domain. The 'attack' seems pretty trivial and I have already taken steps to minimize their damage, but is this caused by something misconfigured on my end or has someone else from my ISP been compromised or neither?
Depending on what your webserver is and how it is set up you may or may not be concerned.
There is quite a lot of stuff hitting random webservers nowadays. From the internet crawlers to an insane amount of worms as well as proxy hunters. However if that is all you have in your logs it doesn't look too bad as it is very low intensity and they are only normal GET requests. Usually bots use HEAD and viruses try using things that we don't have. It actually looks like someone is just snooping around and looking at your webpage with a wget or something or your front page doesn't have any pictures in it. He only gets the main html file which is a bit odd.
I saw these appear about 1-2 months ago. I set up p0f to fingerprint some packets and they always seemed to come from unpatched Windows boxes. IIRC, I did a little bit of research and it turned out to be the latest MS virus/worm at that time. Don't remember specifically what it was unfortunately.
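For triaging hits like the ones discussed in this thread, here is an added example (not code from any poster) that groups access-log entries from clients sharing the server's network prefix and reports their request methods and whether they fetched only the front page. It assumes Common Log Format and treats "the first half of the IP" as a /16; `triage`, `FRONT_PAGE` and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in Common Log Format; addresses come from reserved test ranges.
SAMPLE_LOG = """\
198.18.77.3 - - [10/Oct/2004:13:55:36 +0000] "GET / HTTP/1.0" 200 2326
198.18.77.3 - - [10/Oct/2004:14:02:11 +0000] "GET / HTTP/1.0" 200 2326
198.18.201.9 - - [10/Oct/2004:14:10:45 +0000] "GET / HTTP/1.1" 200 2326
198.18.201.9 - - [10/Oct/2004:14:10:50 +0000] "HEAD / HTTP/1.1" 200 -
198.18.9.40 - - [10/Oct/2004:15:00:01 +0000] "GET /index.html HTTP/1.1" 200 2326
198.18.9.40 - - [10/Oct/2004:15:00:02 +0000] "GET /logo.png HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2004:15:30:00 +0000] "GET / HTTP/1.1" 200 2326
this line is truncated and will not parse
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" \d{3} \S+')
FRONT_PAGE = {"/", "/index.html"}  # assumption: what counts as "the main html file"

def triage(log_text, server_ip, prefix_len=16):
    """Summarise clients sharing the server's /prefix_len network.

    Returns (report, skipped): report maps client IP to its method counts and
    whether it requested only the front page; skipped counts unparsable lines.
    """
    own_net = ipaddress.ip_network(f"{server_ip}/{prefix_len}", strict=False)
    seen = defaultdict(lambda: {"methods": Counter(), "paths": set()})
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        try:
            addr = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:  # host field was a resolved name, not an address
            addr = None
        if addr is None:
            skipped += 1
        elif addr in own_net and str(addr) != server_ip:
            seen[str(addr)]["methods"][m.group(2)] += 1
            seen[str(addr)]["paths"].add(m.group(3))
    report = {ip: {"methods": dict(d["methods"]),
                   "front_page_only": d["paths"] <= FRONT_PAGE}
              for ip, d in seen.items()}
    return report, skipped

if __name__ == "__main__":
    report, skipped = triage(SAMPLE_LOG, "198.18.4.10")
    for ip, info in sorted(report.items()):
        print(ip, info)
    print("unparsable lines:", skipped)
```

Clients that show `front_page_only` as true across many neighbouring addresses match the low-intensity, HTML-only pattern described above; p0f or similar fingerprinting can then be pointed at just those sources.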