Thread: logwatch httpd

As the root of my system, i saw a message today in my logwatch.
" a total of 1 user probed the server" followed by an ip address.
what does this mean?
Is there any security breach?

Maybe...
Somebody doing penetration Testing for your Web Application/server. Or may be try to just something bas. This message can be coz of virus too ... it is better to use Apahce modsecuirty http://www.modsecurity.org/ which is Open source Intrusion Detection and Prevention module for Web applications.
Also check out http://httpd.apache.org/docs/2.0/mod..._forensic.html - Apahces' forensic module which also gives good info.

i temporarily stopped my httpd. would that solve the problem. since i use ssh to allow remote access, i am assuming it is safe. for the while i dont need my web server running.
what do u say?

kavi, yup when you stop httpd you are safe for while. It is better to use firewall (I hope you got one) and run only needed services. You also need to make sure that sshd is also secure. Btw what distro you are using? If it is old ssh server upgrade it; old ssh server is know for ssh user attacks.