0

I have two directories, under /var/www/vhosts: mydomain/ and default/. Files in default directory can be accessed using IP address of our server.

I have checked Apache log and somebody is constantly, trying to access random files under that directory - is performing "mapping". Also IP address, from which request is coming appears always different in Apache's error log. I have also a suspicion that this mapping causes Apache to run out of available slots, and jam at the end.

Here is a snippet from Apache log:

[Mon May 14 16:04:04 2012] [error] [client 190.12.83.230] File does not exist: /var/www/vhosts/default/htdocs/manager
[Mon May 14 16:05:29 2012] [error] [client 200.48.7.17] File does not exist: /var/www/vhosts/default/htdocs/manager
[Mon May 14 16:19:12 2012] [error] server reached MaxClients setting, consider raising the MaxClients setting

Is there any way to prevent these attacks?

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208
spacemonkey
  • 217
  • 1
  • 3
  • 8

2 Answers2

1

You can install and configure fail2ban to block access for ips that generates those kind of errors.

here are some helpful links

http://www.the-art-of-web.com/system/fail2ban/

http://richardjh.org/blog/blocking-brute-force-attacks-to-dovecot-on-centos/

http://www.fail2ban.org/wiki/index.php/MANUAL_0_8

Richard Holloway
  • 7,256
  • 2
  • 24
  • 30
B14D3
  • 5,110
  • 13
  • 58
  • 82
  • 2
    Thank you for linking to my site but you have linked to a dynamic link on richardjh.org used for paging results. The contant on that page will change as posts are added. Perhaps You meant to use http://richardjh.org/blog/blocking-brute-force-attacks-to-dovecot-on-centos/. I have edited you answer to use this URL I hope that is ok. – Richard Holloway May 15 '12 at 21:07
1

Why do you think that these scans cause apache to run out of available slots?

I suggest that instead of hunting a phantom, you first configure mod_status to find out what URLs are being processed by your server. You can then decide what action you want to take.

Oliver
  • 5,883
  • 23
  • 32