nixCraft Linux Forum


logwatch httpd

#1
09-22-2005, 07:56 AM
kavi2 (Guest)

As the root of my system, I saw a message today in my logwatch:
"a total of 1 user probed the server" followed by an IP address.
What does this mean?
Is there any security breach?

#2
09-22-2005, 01:15 PM
monk (Senior Member)

Maybe...
Somebody doing penetration testing for your web application/server. Or maybe trying to just do something bad. This message can be because of a virus too ... it is better to use Apache ModSecurity http://www.modsecurity.org/ which is an open source intrusion detection and prevention module for web applications.
Also check out http://httpd.apache.org/docs/2.0/mod..._forensic.html - Apache's forensic module, which also gives good info.

#3
09-22-2005, 08:19 PM
kavi (Junior Member)

I temporarily stopped my httpd. Would that solve the problem? Since I use ssh to allow remote access, I am assuming it is safe. For the while I don't need my web server running.
What do you say?

#4
09-22-2005, 10:28 PM
rockdalinux (Contributors)

kavi, yup, when you stop httpd you are safe for a while. It is better to use a firewall (I hope you got one) and run only needed services. You also need to make sure that sshd is also secure. Btw, what distro are you using? If it is an old ssh server, upgrade it; old ssh server is known for ssh user attacks.
__________________
Rocky Jr.
You may have my body & soul, but you will never touch my pride!

If you have knowledge, let others light their candles at it.

Certified to work on HP-UX / Sun Solaris / RedHat
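
An added example (not written by any poster in this thread, and not logwatch's own code): one way to follow up on the "probed the server" line is to pull the reported address's requests out of the Apache access log and see what was asked for and how the server answered. The log lines are constructed, the IP addresses come from documentation ranges, and the pattern list is an illustrative assumption rather than the list logwatch uses.

```python
import re
from collections import defaultdict

# Apache common/combined log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)

# Illustrative probe signatures (assumption: NOT logwatch's own list).
PROBE_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"\.\./", r"%2e%2e", r"cmd\.exe", r"root\.exe", r"/etc/passwd",
              r"/scripts/", r"_vti_bin", r"phpmyadmin")
]

# Constructed sample lines (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [22/Sep/2005:07:01:12 +0530] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [22/Sep/2005:07:03:40 +0530] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
203.0.113.9 - - [22/Sep/2005:07:03:41 +0530] "GET /../../etc/passwd HTTP/1.0" 400 301
198.51.100.7 - - [22/Sep/2005:07:05:02 +0530] "GET /images/logo.png HTTP/1.1" 200 2048
203.0.113.9 - - [22/Sep/2005:07:03:42 +0530] "-" 408 -
"""

def find_probes(log_text):
    """Return {ip: [(time, request, status), ...]} for probe-like requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        req = m.group("request")
        if any(p.search(req) for p in PROBE_PATTERNS):
            hits[m.group("ip")].append((m.group("time"), req, int(m.group("status"))))
    return dict(hits)

def any_succeeded(entries):
    """True if any probe got a 2xx/3xx answer, which deserves a closer look."""
    return any(200 <= status < 400 for _, _, status in entries)

if __name__ == "__main__":
    for ip, entries in find_probes(SAMPLE_LOG).items():
        print(ip, "probe-like requests:", len(entries),
              "| any succeeded:", any_succeeded(entries))
        for when, req, status in entries:
            print("   ", when, status, req)
```

On a real system, pass the contents of the web server's access log to `find_probes` instead of `SAMPLE_LOG`; probes answered only with 4xx codes were rejected, while any 2xx/3xx answer is the one to investigate first.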

All times are GMT +5.5. The time now is 08:54 PM.

